Can someone explain how this "Shellshock" code works in a shell?

I read on the news that Shellshock is another bigger vulnerability after Heartbleed. Code to check if our Bash shell is vulnerable or not:

env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"


In detail, how does this code work exactly? What does the code env X="() { :;} ;


How is it vulnerable and can it be exploited if I host a website in a Linux environment where the shell is vulnerable?



1 answer

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

What does env do?

From the documentation, env runs programs in a modified environment.

env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]


It is clear that x is the name/variable and '() { :;}; echo vulnerable' is the value of the variable.

Now, what is () { :;};?


When the function is exported, Bash stores its definition as a value in an environment variable:

$ x() { echo hello world; }
$ export x
$ env | grep x
x=() {echo hello world};


Now, x='() { :;}' means something similar to writing:

$ x() { :;}
$ export x
$ env | grep x


That is, we indirectly did export x in the new environment created by env. Here, : is the null operator in Bash.
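
The answer distinguishes a value that is only an exported function definition from one, like the test string, that carries extra text after the function body. The sketch below is an added example, not part of the original answer: it classifies NAME=VALUE entries on that basis. The function names and sample entries are constructed, and the brace matching is a heuristic that ignores shell quoting.

```shell
#!/bin/sh
# Added example (constructed names and data). Braces are counted without
# regard to shell quoting, so treat the result as a triage hint only.

# classify_env_value VALUE -> prints plain | funcdef | funcdef+trailing
classify_env_value() {
    printf '%s\n' "$1" | awk '
        NR == 1 { v = $0; next }
        { v = v "\n" $0 }
        END {
            # A value is read as a function definition when it starts with "() {"
            if (substr(v, 1, 4) != "() {") { print "plain"; exit }
            depth = 0; stop = 0
            for (i = 4; i <= length(v); i++) {
                c = substr(v, i, 1)
                if (c == "{") depth++
                else if (c == "}") { depth--; if (depth == 0) { stop = i; break } }
            }
            # Whatever remains after the closing brace lies outside the function
            rest = (stop > 0) ? substr(v, stop + 1) : ""
            gsub(/[ \t\n;]/, "", rest)
            print (rest == "" ? "funcdef" : "funcdef+trailing")
        }'
}

# scan_env: reads NAME=VALUE lines on stdin (one entry per line) and
# reports every entry whose value looks like a function definition.
scan_env() {
    while IFS= read -r line; do
        name=${line%%=*}
        value=${line#*=}
        kind=$(classify_env_value "$value")
        [ "$kind" = "plain" ] || printf '%s\t%s\n' "$name" "$kind"
    done
}

# Constructed sample environment: one ordinary variable, the test value
# from the answer, and a function definition with nothing after it.
sample_env() {
    cat <<'EOF'
HOME=/home/user
x=() { :;}; echo vulnerable
greet=() { echo hello world; }
EOF
}

sample_env | scan_env
```

On a live system the same scan can be fed with `env | scan_env`; values that span several lines are split per line by this sketch.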


