Shellshock

Abstract: It is inevitable that all the softwares, whatever it is new or used for decades, are suffering from vulnerabilities. However, the vulnerabilities is being hailed as the biggest security issue in the security industry. The discovery of Shellshock bug makes a new understanding for the basic software. In this paper, we mainly investigate the principle of Shellshock bug, and also analyze the Hacker’s behavior of using this bug,Finally the solution is given. Introduction Shellshock bug is discovered in the most famous software GNU Bash in September 2014 (CVE2014-6271). The Bash version of Shellshock bug exists in Red Hat, CentOS, Ubuntu, Fedora, Amazon Linux, OS X 10.10, meanwhile, the effect of Shellshock is included but not limited to the widely used Bash of Unix, Linux, Mac OS X, due to the widespread usage of Bash in the operation system, which really threat the data supervised by these operation systems[1]. How the Shellshock bug is born? If one want to understand the principle of Shellshock bug, it is better to know how Bash deals with their variables, environment variables and environment variables functions. How Bash deal with variables GNU Bash has defined the variables via its port in order to improve users’ operation ability. The format of the variable is defined as follows: "variables name=value”. The father process of Bash variable is able to transmit to their child process or not? Here, the father process is the Shell port. Once the current port is typed Bash command, then the child Bash process is created, and type exit, the child process is ended. The specific result is shown in Fig. 1-1. Fig. 1-1 Bash variables Note: echo is used to print its parameter in Bash, if one variable is printed, it is necessary to add’ $’ in the front of the variable. As shown in Fig. 1-1, define a variable test in Bash, the value is test bash, then use echo to print the test variable, next use bash to create a child process, and try to print the $test variable, no return value is available. The reason why it happens is that a new bash child process is created, but the value of the variable is still in the father process. How to read the variables, next, lets see how bash deal with the environment variables. (1) How Bash deal with environment variables When you open a new Shell conversation, some variables are prepared for use, all these variables are called environment variables. If you want to visit the $test variable in the child process, the export command can be used to change the variable to environment variables, shown in Fig. 1-2. 2nd International Conference on Electrical, Computer Engineering and Electronics (ICECEE 2015) © 2015. The authors Published by Atlantis Press 1552 Fig. 1-2 how bash deal with environment variable (2) Bash function and environment variables In this subsection, we will introduce how bash deal with function and environment variables. In bash, it is so convenient to create a function in Bash. Then whether the function created by Bash in the father process can be inherited by child process, actually, it can be illustrated by Fig.1-3, similar to variable, the function in the father process can not be inherited. Fi.1-3 how bash deal with function Based on Fig.1-3, mark x as environment variable, then we can get the result shown in Fig.1-4. Fig.1-4Bash put function in the environment variable From Fig.1-4, create a function named X, and put X in the environment variables, then it is possible to run the X function. (3) turn string as function and then run First, this command: newfunction='() { echo ‘testbash’;}',seems to define a variable named newfunction, actually its value is the string parameter, in particular this string parameter define a function structure. Tested by Fig.1-5, the result is shown below. Fig.1-5Bash deal with the function with strings Turn the string shown in Fig.1-5 to the environment variable, and open a new Bash process shown in Fig.1-6, consequently, the newfunction is seems to run echo ‘testbash’. Fig.1-6turn string into environment variable Next input the command shown in Fig.1-7