[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: BASH_FUNC__ appearing in environment
From: |
steveT |
Subject: |
Re: BASH_FUNC__ appearing in environment |
Date: |
Thu, 27 Nov 2014 08:36:20 -0800 (PST) |
User-agent: |
G2/1.0 |
On Thursday, 27 November 2014 16:23:15 UTC, Eduardo A. Bustamante López wrote:
> On Thu, Nov 27, 2014 at 03:43:05AM -0800, steveT wrote:
> > I am not sure if this is the correct place to raise this - I have tried
> > specific Fedora and bash forums, but with no joy so far.
> Bash forums :-)? I'm interested on knowing which ones!
>
> > This may be expected behaviour, but it seems so random. The above seems to
> > be related to rcs, but I also intermittently get similar entries for
> > BASH_FUNC__sudo. I am not sure if these functions appearing in my
> > environment poses any sort of issue - but I have never seen such entries
> > appear before.
> >
> > Any ideas as to what they are and why/when/how they are appearing in my
> > environment?
> This is expected. Where were you when the shellshock crisis happened? Before
> shellshock, bash would export functions by using something like this:
>
> $ name='(){ echo foo; }' bash -c name
> foo
>
> But, this turned out to be a big issue, because of a bug in how bash parsed
> that function definition, which allowed bad people to do nasty stuff, like:
>
> USER_AGENT='(){ echo foo; }; cat /etc/passwd' ...
>
> (bash was being used for CGI scripts, which pass around some HTTP headers
> as environment variables)
>
> This became a mess very quickly, with more and more parser bugs coming out
> that would make that bug even more dangerous, so a solution was introduced
> by RedHat variants (including Fedora, I guess), of prefixing these
> function definitions with the special 'BASH_FUNC_'. This helped reduce the
> attack surface. In the end, the official bash patch took a similar path, by
> using that prefix, but also adding a %% suffix:
>
> dualbus@hp:~$ f(){ echo foo; }; export -f f; env|grep %% -A1
> BASH_FUNC_f%%=() { echo foo
> }
>
>
> Wikipedia has an entry, if you want to read more:
> http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29
Eduardo,
Thanks for getting back to me.
I think I understood about shellshock, but what I still don't understand is why
these 'BASH_FUNC__' variables appear intermittently - ie what is exporting them
to the shell and why? They seem to appear randomly. At first, I thought it was
a side effect of scripts that I had written, but the scripts that appear to get
exported in my environment as 'BASH_FUNC__'seem to be linked to 'standard'
'bin' commands such as rcs and sudo.
I don't recall seeing this sort of effect under Fedora 16 or 18, just under
Fedora 20.
Is there any way that I can trace them back to their 'creator'?
- BASH_FUNC__ appearing in environment, steveT, 2014/11/27
- Re: BASH_FUNC__ appearing in environment, Eduardo A . Bustamante López, 2014/11/27
- Message not available
- Re: BASH_FUNC__ appearing in environment,
steveT <=
- Re: BASH_FUNC__ appearing in environment, konsolebox, 2014/11/27
- Message not available
- Re: BASH_FUNC__ appearing in environment, steveT, 2014/11/28
- Re: BASH_FUNC__ appearing in environment, steveT, 2014/11/28
- Re: BASH_FUNC__ appearing in environment, Geir Hauge, 2014/11/28
- Message not available
- Re: BASH_FUNC__ appearing in environment, steveT, 2014/11/28