Can someone explain how this "Shellshock" code works in a shell

I read on the news that Shellshock is another bigger vulnerability after Heartbleed. Code to check if our Bash shell is vulnerable or not:

env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"

      

In detail, how does this code work exactly? What does the code env X="() { :;} ; do?

How is it vulnerable and can it be exploited if I host a website in a Linux environment where the shell is vulnerable?

+1




1 answer


env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

What does env do?

From the documentation, env runs programs in a modified environment.

env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]

      

It is clear that x is the name/variable and '() { :;}; echo vulnerable' is the value of the variable.

Now, what is () { :;};?



When a function is exported, Bash stores its definition as a value in an environment variable:

$ x() { echo hello world; }
$ export -f x    # -f exports the function x, not a variable named x
$ env | grep x
x=() {echo hello world};

      

Now, x='() {:;}' is similar to writing:

$ x() { :;}
$ export -f x
$ env | grep x

      

That is, we indirectly did export x in the new environment created by env. Here, : is the null operator in Bash.

+4
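The mechanism described above, turned into a defensive filter, as an added example that is not part of the original question or answer: unpatched Bash treated any environment value beginning with `() {` as a function definition, so a service can drop such values before starting a child shell. The names `classify_value` and `scrub_env` are hypothetical, the brace counting is a heuristic that ignores quoting, and the sample environment is constructed from the values quoted on this page.

```python
# Added example: classify_value and scrub_env are hypothetical names.
FUNC_PREFIX = "() {"  # marker unpatched Bash used to import a function from a variable


def classify_value(value):
    """Classify one environment value.

    Returns "plain", "function", "function+trailing" or "function-unterminated".
    Braces are counted without regard to quoting, so this is a heuristic and
    not a Bash parser.
    """
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    depth = 0
    for i, ch in enumerate(value):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                # Anything left after the body's closing brace, other than
                # separators, is text outside the function definition.
                trailer = value[i + 1:].strip(" \t\r\n;")
                return "function+trailing" if trailer else "function"
    return "function-unterminated"


def scrub_env(env):
    """Return (clean_env, dropped): every function-like value is removed."""
    clean, dropped = {}, {}
    for name, value in env.items():
        kind = classify_value(value)
        if kind == "plain":
            clean[name] = value
        else:
            dropped[name] = kind
    return clean, dropped


# Constructed sample environment; X and x use the values quoted on this page.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "X": "() { :;} ; echo shellshock",
    "x": "() { echo hello world; }",
    "NOTE": "f() { :; } is not at the start",
}

if __name__ == "__main__":
    clean, dropped = scrub_env(SAMPLE_ENV)
    for name, kind in sorted(dropped.items()):
        print(f"dropped {name}: {kind}")
    print("kept:", sorted(clean))
```

Both function-like values are dropped, and the "function+trailing" label marks the one that carries text after the function body, which is the part of the test string that sits outside the definition.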

