Check your bash shell for vulnerability to the ShellShock exploit

x="() { :; }; echo x" bash -c :
If this command prints 'x' then your shell is vulnerable. Null output confirms that you are protected. Further reading: http://allanmcrae.com/2014/09/shellshock-and-arch-linux/
Sample Output
x

3
By: malathion
2014-12-08 22:21:18
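
An added example (not part of the original post): the same probe wrapped in a function that can be run against each bash binary listed in /etc/shells, starting from an empty environment so nothing else is imported. The function names and the marker string are assumptions of this example, and the result reflects only the behaviour the one-liner above tests.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the marker
# string are hypothetical; the probe itself is the page's one-liner.
PROBE_MARKER="SHELLSHOCK_PROBE_$$"

# shellshock_probe PATH
# Returns 0 if the marker is not printed, 1 if it is (vulnerable),
# 2 if PATH is not an executable file.
shellshock_probe() {
    shell_path=$1
    [ -x "$shell_path" ] && [ ! -d "$shell_path" ] || return 2
    # env -i starts from an empty environment, so the only variable the
    # shell imports at startup is the probe itself.
    out=$(env -i x="() { :; }; echo $PROBE_MARKER" "$shell_path" -c : \
          2>/dev/null </dev/null) || true
    case $out in
        *"$PROBE_MARKER"*) return 1 ;;
        *) return 0 ;;
    esac
}

# shellshock_audit [LIST_FILE]
# LIST_FILE holds one shell path per line, as /etc/shells does; blank lines
# and '#' comments are skipped. Only files named bash or sh are probed
# (sh is a link to bash on some systems). Prints one line per probed path
# and returns 1 if any of them is vulnerable, 0 otherwise.
shellshock_audit() {
    list_file=${1:-/etc/shells}
    vulnerable=0
    while IFS= read -r candidate; do
        case $candidate in ''|'#'*) continue ;; esac
        case ${candidate##*/} in bash|sh) ;; *) continue ;; esac
        rc=0
        shellshock_probe "$candidate" || rc=$?
        case $rc in
            0) echo "ok          $candidate" ;;
            1) echo "VULNERABLE  $candidate"; vulnerable=$((vulnerable + 1)) ;;
            *) echo "skipped     $candidate (not an executable file)" ;;
        esac
    done < "$list_file"
    [ "$vulnerable" -eq 0 ]
}
```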

These Might Interest You

  • checkfor: have the shell check anything you're waiting for. 'while : ; do' is an infinite loop; '$*' executes the command passed in; 'sleep 5' - change for your tastes, sleep for 5 seconds. bash, ksh, likely sh, maybe zsh. Ctrl-c to break the loop.


    1
    function checkfor () { while :; do $*; sleep 5; done; }
    relay · 2009-09-03 19:35:42 1
  • Dave Korn gave me this one. It works because ksh allows variable names ( w/o the $name syntax ) used by sh and bash. I wrote it to permit "single source" shell libraries; the current objective: every shell library may be sourced by either shell. See http://github.com/applemcg/backash


    2
    isKsh () { one=1; [ one -eq 1 ] 2> /dev/null; }
    applemcg · 2014-11-18 20:45:12 0
  • Starts a new shell (in bash/sh, it starts bash/sh). 'man bash' explains: "If arguments remain after option processing, and neither the -c nor the -s option has been supplied, the first argument is assumed to be the name of a file containing shell commands. If bash is invoked in this fashion, $0 is set to the name of the file, and the positional parameters are set to the remaining arguments."


    0
    $0
    fhtagn · 2013-03-05 22:57:14 0
  • By default bash history of a shell is appended (appended on Ubuntu by default: Look for 'shopt -s histappend' in ~/.bashrc) to history file only after that shell exits. Although after having written to the history file, other running shells do *not* inherit that history - only newly launched shells do. This pair of commands alleviates that.


    10
    $ history -a #in one shell , and $ history -r #in another running shell
    b_t · 2011-11-05 01:19:30 0
