
What exactly does the env command do?


I recently came across the Shellshock bug, which is a bug in the bash shell. Somehow it uses the env command to create environment variables containing functions.

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

These functions then run when a new bash shell is spawned. I read in many places and got the same explanation that I just wrote. But I still cannot make out the working of the above command along with its parameters. Can anyone explain?


Solution

  • env sets one or more environment variables and then runs the remaining arguments as a command.

    It's not significantly different from the following syntax:

    x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    

    One thing env can do (although the feature is not used in the above example) is create a clean environment; if the first option to env is a single - (or -i), then the environment is cleaned before doing the explicit assignments and running the command.
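
The behaviour described in the answer above, as an added example that is not part of the original answer: it checks that `env x=...` and the `x=... command` prefix hand a child process the same value, that `env -i` leaves the child only the explicitly assigned variables, and that the value from the question has the `() {` prefix that pre-patch bash imported as a function definition. The helper names (`via_env`, `via_prefix`, `child_var_count`, `is_funclike`) are made up for this example, and `awk` stands in as a child process that reports what it received.

```shell
#!/bin/sh
# Added example, not from the original post. The variable name x and its value
# come from the question; the helper function names are made up here.

PAYLOAD='() { :;}; echo vulnerable'

# Value of variable $1 as seen by a child started via: env <remaining args> awk
via_env() {
    name=$1; shift
    env "$@" awk -v n="$name" 'BEGIN { printf "%s", ENVIRON[n] }'
}

# Same child, but using the shell's own VAR=value prefix syntax instead of env.
via_prefix() {
    x="$1" awk 'BEGIN { printf "%s", ENVIRON["x"] }'
}

# Number of variables a child would receive for the given env arguments.
# env with no command just prints the environment it built, one per line.
child_var_count() {
    env "$@" | awk 'END { print NR }'
}

# True when a value starts with "() {", the prefix that pre-patch bash
# treated as an exported function definition when it started up.
is_funclike() {
    case $1 in
        '() {'*) return 0 ;;
        *)       return 1 ;;
    esac
}

main() {
    printf 'via env:    %s\n' "$(via_env x "x=$PAYLOAD")"
    printf 'via prefix: %s\n' "$(via_prefix "$PAYLOAD")"
    printf 'vars passed by default: %s\n' "$(child_var_count "x=$PAYLOAD")"
    printf 'vars passed with -i:    %s\n' "$(child_var_count -i "x=$PAYLOAD")"
    if is_funclike "$(via_env x "x=$PAYLOAD")"; then
        echo 'x reaches the child with a function-shaped value'
    fi
}
main
```

Nothing here starts bash with the variable set, so the output is the same on patched and unpatched systems; it only shows what `env` places in the child's environment.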