bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BASH_FUNC__ appearing in environment


From: Eduardo A . Bustamante López
Subject: Re: BASH_FUNC__ appearing in environment
Date: Thu, 27 Nov 2014 10:22:52 -0600
User-agent: Mutt/1.5.23 (2014-03-12)

On Thu, Nov 27, 2014 at 03:43:05AM -0800, steveT wrote:
> I am not sure if this is the correct place to raise this - I have tried 
> specific Fedora and bash forums, but with no joy so far.
Bash forums :-)? I'm interested on knowing which ones!

> This may be expected behaviour, but it seems so random. The above seems to be 
> related to rcs, but I also intermittently get similar entries for 
> BASH_FUNC__sudo. I am not sure if these functions appearing in my environment 
> poses any sort of issue - but I have never seen such entries appear before.
> 
> Any ideas as to what they are and why/when/how they are appearing in my 
> environment?
This is expected. Where were you when the shellshock crisis happened? Before
shellshock, bash would export functions by using something like this:

$ name='(){ echo foo; }' bash -c name
foo

But, this turned out to be a big issue, because of a bug in how bash parsed
that function definition, which allowed bad people to do nasty stuff, like:

USER_AGENT='(){ echo foo; }; cat /etc/passwd' ...

(bash was being used for CGI scripts, which pass around some HTTP headers
as environment variables)

This became a mess very quickly, with more and more parser bugs coming out
that would make that bug even more dangerous, so a solution was introduced
by RedHat variants (including Fedora, I guess), of prefixing these
function definitions with the special 'BASH_FUNC_'. This helped reduce the
attack surface. In the end, the official bash patch took a similar path, by
using that prefix, but also adding a %% suffix:

address@hidden:~$ f(){ echo foo; }; export -f f; env|grep %% -A1
BASH_FUNC_f%%=() {  echo foo
}


Wikipedia has an entry, if you want to read more:
http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29



reply via email to

[Prev in Thread] Current Thread [Next in Thread]