Can someone explain the Shell Shock Bash code?

Question

Can someone explain the Shell Shock Bash code?

I am having trouble understanding the following code, which is Shell Shock Proof of Vulnerability code. Can someone explain this to me? Especially this part " () { :;};

"

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

+3

linux unix bash ubuntu shellshock-bash-bug

zahid adeel 26 Sep 14 at 4:33

source to share

1 answer

nu11p01n73R · Accepted Answer · 2014-09-26T05:09:00+0000

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

what env

does it do?
Documents env

run programs in a modified environment

env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]

it is clear that x

is the name / variable and () { :;}; echo vulnerable'

is the value of the variable

now what is it () { :;};

?
when the function is exported bash stores its defenition as the value of an environment variable

$ x() {echo hello world;}
$ export x
$ env | grep x
x=() {echo hello world};

now when x='() {:;}'

means similar spelling

$ x() {:;}
$ export x
$ env | grep x

We did this indirectly export x

on a new environment created env

here :

- this is the null statement in bash

Hope it helps

Can someone explain the Shell Shock Bash code?

More articles: