如果返回下列结果表示存在bash 安全威胁
$ env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test"
vulnerable
this is a test
补丁修复了这个缺陷,确保bash函数的尾部不允许额外的代码。所以如果你用打过补丁的bash版本运行上面这个例子,应该得到类似这样的输出:
$ env x=‘() { :;}; echo vulnerable‘ bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x‘
this is a test
补丁下载地址:https://rhn.redhat.com/errata/RHSA-2014-1293.html#Red Hat Enterprise Linux (v. 5 server)
原文:http://5073392.blog.51cto.com/5063392/1560275