Can someone explain the Shell Shock Bash code?

Problem description

I am having problems understanding the following code, which is the Shell Shock 'proof of vulnerability' code. Can someone explain it to me? Especially this part "() { :;};"

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Solution

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

What does env do?
From the docs, env runs a program in a modified environment

env [OPTION]... [-] [NAME=VALUE]... [COMMAND [ARG]...]

It is clear that x is a name/variable and () { :;}; echo vulnerable is the value of the variable

Now, what is () { :;};?
When a function is exported, bash stores its definition as the value of the environment variable

$ x() { echo hello world; }
$ export x
$ env | grep x
x=() {echo hello world};

Now, x='() {:;}' means the same as writing

$ x() { :; }
$ export x
$ env | grep x

That is, we indirectly exported x into the new environment created by env.
Here : is a null statement in bash.

Hope it helps
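The mechanism the answer describes (an exported function travelling as an environment variable whose value starts with "() {", and a vulnerable bash running whatever follows the closing brace) can be turned into a self-check. The script below is an added example, not part of the original question or answer: `shellshock_check` runs the same proof-of-vulnerability shape as the page's command, but with a constructed marker string instead of the word "vulnerable", and reports by exit status whether the local bash executed the trailing code; `show_function_export` makes the export mechanism visible by exporting a function and printing the resulting environment entry. Function names and the marker are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post). Exercises the behaviour the
# answer explains: exported bash functions are passed to child processes as
# environment variables whose value begins with "() {".

shellshock_check() {
    # Exit status: 0 = bash ran code placed after the function body (vulnerable),
    #              1 = bash ignored it (patched), 2 = no bash binary to test.
    command -v bash >/dev/null 2>&1 || return 2
    # Same shape as the page's test line. SHELLSHOCK_MARKER is a constructed
    # string; a fixed bash must never print it, because it only ever appears
    # after the function body in the variable's value.
    _ss_out=$(env x='() { :;}; echo SHELLSHOCK_MARKER' bash -c 'echo this is a test' 2>/dev/null)
    case "$_ss_out" in
        *SHELLSHOCK_MARKER*) return 0 ;;
        *)                   return 1 ;;
    esac
}

show_function_export() {
    # Defines a function inside bash, exports it with "export -f", and prints
    # the environment line carrying it. Unpatched bash names the variable
    # after the function ("hello=() { ..."); patched bash uses the prefixed
    # form "BASH_FUNC_hello%%=() { ..." so an ordinary variable can no longer
    # masquerade as a function definition.
    command -v bash >/dev/null 2>&1 || return 2
    bash -c 'hello() { echo hello world; }; export -f hello; env | grep -F "() {"'
}

# Stand-alone run: report the check result in words.
if shellshock_check; then
    echo "this bash executed code after the function definition (vulnerable)"
elif [ $? -eq 2 ]; then
    echo "bash not found; nothing to test"
else
    echo "this bash ignored code after the function definition (not vulnerable)"
fi
show_function_export
```

Run it with any POSIX sh; it invokes bash explicitly so the result describes the installed bash rather than the calling shell. On a patched system the first line reports "not vulnerable" and the environment entry printed by `show_function_export` carries the `BASH_FUNC_hello%%` name, which is exactly the change that closed the gap the answer describes.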
