0

I am checking my systems with the following command:

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"

Which gives me: "completed", with no "busted", which seems good. So I tried again with:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Which results in:

bash: warning: testbug: ignoring function definition attempt
bash: error importing function definition for `testbug'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Which again, seems good. However, when I run:

env x='()' ; echo vulnerable; bash -c "echo this is a test"

I get a dump of all environmental vars, followed by:

_=/usr/bin/env
x=()
vulnerable
bash: warning: testbug: ignoring function definition attempt
bash: error importing function definition for `testbug'
this is a test

Now I am concerned. Should I be?

EDIT: The two references to 'testbug' are due to a prior test which defined that variable. I unset that variable and the rest of the output still shows up

David Wilkins
  • 443
  • 4
  • 8

1 Answers1

2

You are having bash execute the commands separated by ';' in turn. This is normal behavior and not an indicator that the bug's patch is inadequate.

HorseHair
  • 171
  • 7
  • Fair enough, but why is it dumping everything as if I ran `printenv`? – David Wilkins Sep 25 '14 at 19:31
  • DESCRIPTION env executes utility after modifying the environment as specified on the command line. The option name=value specifies an environmental variable, name, with a value of value. --- So, env is doing what is expected in this case. – HorseHair Sep 25 '14 at 19:51