i recently came across the shellshock bug, which is a bug in the bash shell. somehow it uses the env command to create environment variables containing functions.
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
These functions then run when a new bash shell is spawned. i read at many places and got the same explanation that i just wrote. But i still cannot make out the working of the above command along with its parameters. can anyone explain?
envsets one or more environment variables and then runs the remaining arguments as a command.It's not significantly different from the following syntax:
One thing
envcan do (although the feature is not used in the above example) is create a clean environment; if the first option toenvis a single-(or-i), then the environment is cleaned before doing the explicit assignments and running the command.