Can someone explain how this "Shellshock" code works in a shell?
I read on the news that Shellshock is another bigger vulnerability after Heartbleed. Code to check if our Bash shell is vulnerable or not:
env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"
In detail, how does this code work exactly? What does the code env X="() { :;} ; do?
How is it vulnerable and can it be exploited if I host a website in a Linux environment where the shell is vulnerable?
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
What does env do?
From the documentation, env runs programs in a modified environment.
env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]
It is clear that x is the name/variable and '() { :;}; echo vulnerable' is the value of the variable.
Now, what is () { :;}; ?
When a function is exported, Bash stores its definition as a value in an environment variable:
$ x() { echo hello world; }
$ export x
$ env | grep x
x=() {echo hello world};
Now, x='() { :;}' is similar to writing
$ x() { :;}
$ export x
$ env | grep x
That is, we indirectly did export x in the new environment created by env. Here : is the null operator in Bash.
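As an added example (not part of the original question or answer), the shell functions below wrap the answer's test command so it reports a result for a named shell, and list the variables in an environment dump whose value begins with () {, the exported-function form described above. The names check_shell and flag_function_values, the marker string and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# check_shell SHELL: run the answer's test against SHELL and report the result.
# A vulnerable Bash executes the text after the function body while importing
# the variable, so the marker appears in the output before "test".
check_shell() {
    marker="SHELLSHOCK_MARKER_$$"   # constructed marker, unlikely to occur otherwise
    out=$(env x="() { :;}; echo $marker" "$1" -c 'echo test' 2>/dev/null) || true
    case $out in
        *"$marker"*) echo "vulnerable" ;;
        *)           echo "not vulnerable" ;;
    esac
}

# flag_function_values: read NAME=VALUE lines on stdin and print each NAME
# whose VALUE begins with "() {", the exported-function form shown above.
flag_function_values() {
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac   # skip lines without NAME=
        name=${line%%=*}
        value=${line#*=}
        case $value in
            "() {"*) printf '%s\n' "$name" ;;
        esac
    done
}

# Constructed sample of an environment dump (not real data).
SAMPLE_ENV='HOME=/home/alice
x=() { :;}; echo vulnerable
LANG=en_US.UTF-8
greet=() { echo hello world; }'

printf 'sh: %s\n' "$(check_shell sh)"
printf '%s\n' "$SAMPLE_ENV" | flag_function_values
```

Call check_shell with the path of each shell installed on the host, for example check_shell /bin/bash.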