I am having problems understanding the following code, which is the Shell Shock 'proof of vulnerability' code. Can someone explain it to me? Especially this part: "() { :;};"

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
Jonathan Leffler
zahid adeel
  • This is the Shell Shock code. There is at least one, probably multiple, other questions on this topic. …OK; the other question I had in mind is more recent than this one…so now [Can someone explain how this shellshock code works in shell?](http://stackoverflow.com/questions/26052189/can-someone-explain-how-this-shellshock-code-works-in-shell) is a duplicate of this. Is there another question that should be the canonical one? – Jonathan Leffler Sep 26 '14 at 05:24

1 Answer

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

What does env do?
From the docs, env runs programs in a modified environment:

    env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]

It is clear that x is a name/variable and '() { :;}; echo vulnerable' is the value of the variable.

Now, what is () { :;};?
When a function is exported, bash stores its definition as the value of an environment variable:

    $ x() { echo hello world; }
    $ export -f x
    $ env | grep x
    x=() {echo hello world};

Now, x='() { :;}' means something similar to writing

    $ x() { :; }
    $ export -f x
    $ env | grep x

That is, we indirectly did the export of x into the new environment created by env.
Here, : is a null statement in bash.

Hope it helps

nu11p01n73R
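
The answer's point that bash stores an exported function as an environment value beginning with `() {` can be turned into a check for values that carry text after the function body, as the question's test string does. This is an added example, not part of the original answer; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer. Sample entries are constructed.

# classify_env_entry 'NAME=VALUE'
# Prints how an unpatched bash would have read the value at startup:
#   plain           ordinary data
#   function        starts with "() {" and ends at a closing brace
#   function+extra  starts with "() {" but text follows the function body
# This is a string heuristic, not a shell parser.
classify_env_entry() {
    _value=${1#*=}
    case $_value in
        '() {'*'}') echo function ;;
        '() {'*)    echo function+extra ;;
        *)          echo plain ;;
    esac
}

# flag_suspicious ENTRY...
# Prints the name of every entry classified as function+extra.
# Exit status follows grep: 0 if at least one entry was flagged, 1 if none.
flag_suspicious() {
    _rc=1
    for _entry in "$@"; do
        if [ "$(classify_env_entry "$_entry")" = "function+extra" ]; then
            printf '%s\n' "${_entry%%=*}"
            _rc=0
        fi
    done
    return "$_rc"
}

# Constructed sample environment: the value from the question, a harmless
# exported function (multi-line, as bash serialises it), and plain data.
NL='
'
SAMPLE_POC='x=() { :;}; echo vulnerable'
SAMPLE_FUNC="greet=() {  echo hello world${NL}}"
SAMPLE_PLAIN='PATH=/usr/bin:/bin'

for e in "$SAMPLE_POC" "$SAMPLE_FUNC" "$SAMPLE_PLAIN"; do
    printf '%-6s -> %s\n' "${e%%=*}" "$(classify_env_entry "$e")"
done
```

Pass each entry as a single argument rather than reading `env` output line by line, because a function value can span several lines.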