Bash bug

This is a short (local) test of the bash bug, announced in September 2014. Check out the reference [vox.com] to learn more about the story behind the bug and its impact.

The machine runs Ubuntu Server 14.04 LTS.

$ uname -a
Linux amgspc 3.13.0-35-generic #62-Ubuntu SMP Fri Aug 15 01:58:42 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

The distribution bash package is on version 4.3.11(1).

$ bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

The bug: arbitrary command execution while bash processes an environment variable definition. The echo hey that follows the function body runs before the requested command.

$ env AMGS='() { :;}; echo hey' bash -c "echo foobar"
hey
foobar

After the update, the version number does not change. However, the behavior does:

$ env AMGS='() { :;}; echo hey' bash -c "echo foobar"
bash: warning: AMGS: ignoring function definition attempt
bash: error importing function definition for `AMGS'
foobar
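
Since the version number is the same before and after the update, a check has to look at behavior rather than at bash --version. The script below is an added example, not part of the original post: it runs the same test against a bash binary in an empty environment and reports what happened. MARKER, PROBE_VAR and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post). MARKER, PROBE_VAR and the
# function names are chosen for this illustration.
MARKER="probe_marker_$$"

# Decide from the probe's stdout whether the trailing command ran.
classify_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable ;;   # text after the function body was executed
        *foobar*)    echo patched ;;      # only the requested command ran
        *)           echo unknown ;;      # the shell produced nothing usable
    esac
}

# Run the page's test against one binary, in an otherwise empty environment
# so that no inherited variable influences the result.
probe_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo missing; return 0; }
    out=$(env -i PROBE_VAR="() { :;}; echo $MARKER" \
          "$shell_path" -c 'echo foobar' 2>/dev/null) || true
    classify_output "$out"
}

# Probe every path given, or the bash found on PATH when none is given.
scan() {
    [ "$#" -gt 0 ] || set -- "$(command -v bash || true)"
    for p in "$@"; do
        printf '%s: %s\n' "${p:-bash}" "$(probe_shell "$p")"
    done
}

scan "$@"
```

Pass one or more paths as arguments to check binaries other than the bash found on PATH.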

References

http://www.vox.com/2014/9/25/6843949/the-bash-bug-explained
