{"id":601,"date":"2014-09-26T15:19:07","date_gmt":"2014-09-26T07:19:07","guid":{"rendered":"http:\/\/ufqi.com\/blog\/?p=601"},"modified":"2014-09-26T15:19:07","modified_gmt":"2014-09-26T07:19:07","slug":"gnu-bash-env-error","status":"publish","type":"post","link":"https:\/\/ufqi.com\/blog\/gnu-bash-env-error\/","title":{"rendered":"GNU Bash \u73af\u5883\u53d8\u91cf\u8fdc\u7a0b\u547d\u4ee4\u6267\u884c\u6f0f\u6d1e"},"content":{"rendered":"

\u63a2\u6d4b\u8bed\u53e5\uff1a<\/p>\n

shell> env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”<\/p>\n

\u5982\u679c\u663e\u793a\u4e86 vulnerable \u5c31\u662f\u6709\u6b64\u6f0f\u6d1e\u3002<\/p>\n

\u4e0b\u5348\u9010\u6e10\u4fee\u590d\u4e86\u591a\u53f0openSuSE\u7684\u670d\u52a1\u5668\uff0c\u7248\u672c\u53f7\u4ece11.0–13.1 \u4e0d\u7b49\u3002<\/p>\n

\u5176\u4e2d\u5728\u4e00\u53f0\u8f83\u65e9\u7684\u670d\u52a1\u5668\u4e0a\uff0c\u4ece gnu-bash\u7684\u5b98\u7f51\u4e0a\u4e0b\u8f7d\u4e86 bash-4.3, \u5c45\u7136\u662f\u6ca1\u6709\u4fee\u590d\u8be5\u6f0f\u6d1e\u7684\u7248\u672c\uff0c\u901a\u8fc7\u6e90\u7801\u7f16\u8bd1\u4e4b\u540e\u5b89\u88c5\uff0c\u6267\u884c\u4e0a\u9762\u63a2\u6d4b\u8bed\u53e5\uff0c\u4ecd\u7136\u6ca1\u6709\u4fee\u590d\u3002<\/p>\n

\u540e\u7ecf\u67e5\u8be2\uff0c\u5404Linux\u5382\u5546\u53d1\u5e03\u7684 bash-4.2-68.4.1\u624d\u662f\u4fee\u590d\u4e86\u8be5\u6f0f\u6d1e\u7684\u3002<\/p>\n

\u4e0a\u9762\u7684\u60c5\u5f62\uff0c\u9700\u8981\u5c06\u6e90\u7801\u5b89\u88c5\u7684bash-4.3\u5378\u8f7d\u6389\u5148\uff0c\u627e\u5230 bash-4.3\u7684\u5b89\u88c5\u76ee\u5f55\uff0c\u6267\u884c\uff1a<\/p>\n

shell> make uninstall<\/p>\n

\u5e78\u597d\u8be5\u8f6f\u4ef6\u5305\u652f\u6301 uninstall \u53cd\u5411\u5b89\u88c5\u3002<\/p>\n

\u7136\u540e\u5728 yast — software — software repositories \u7136\u540e\u6dfb\u52a0 openSuSE 13+\u4ee5\u4e0a\u7684 repo,<\/p>\n

\u518d \u7136\u540e\u8fdb\u5165 yast — software — software management \u7136\u540e\u641c\u7d22 bash \uff0c\u8fdb\u884c\u66f4\u65b0 update \u64cd\u4f5c\u5373\u53ef\u3002<\/p>\n

\u4fee\u590d\u8be5\u6f0f\u6d1e\u540e\uff0c\u63a2\u6d4b\u547d\u4ee4\u8bed\u53e5\u4f1a\u8f93\u51fa\u5982\u4e0b\u8fd9\u6837\uff1a<\/p>\n

ufqisrv002:~ # env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
\nbash: warning: x: ignoring function definition attempt
\nbash: error importing function definition for `x’
\nthis is a test<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

\u63a2\u6d4b\u8bed\u53e5\uff1a shell> env x='() { :;}; echo vu … \u7ee7\u7eed\u9605\u8bfb →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7,2],"tags":[30,31],"_links":{"self":[{"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/posts\/601"}],"collection":[{"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/comments?post=601"}],"version-history":[{"count":2,"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/posts\/601\/revisions"}],"predecessor-version":[{"id":603,"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/posts\/601\/revisions\/603"}],"wp:attachment":[{"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/media?parent=601"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/categories?post=601"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ufqi.com\/blog\/wp-json\/wp\/v2\/tags?post=601"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}