men*_*nte 36
No, it doesn't affect ZSH.
You still MUST update bash as most of the system scripts are written for bash and vulnerable to the shellshock bug.
To test your ZSH do this:
env x='() { :;}; echo vulnerable' zsh -c 'echo hello'
What exactly does this code do?
env x='() { :;}; echo vulnerable' creates an environment variable with known bug using command in the end of variablezsh -c 'echo hello' launches ZSH shell with simple hello (and evaluating all env variables including x)If you see output:
vulnerable
hello
Then your ZSH is vulnerable. Mine (5.0.2) is not:
$ env x='() { :;}; echo vulnerable' zsh -c 'echo hello'
hello
小智 6
From this link:
You can determine if you are vulnerable to the original problem in CVE-2014-6271 by executing this test:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you see the word vulnerable in the output of that command your bash is vulnerable and you should update. Below is a vulnerable version from OS X 10.8.5:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello
The following output is an example of a non-vulnerable bash version.
$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
它不会影响zshshell 可执行文件,因为它的源代码从未包含错误。和
之间有很多相似之处,但它们是相互独立地实现的。相同的功能以两种不同的方式实现,并且 - 在这种情况下更重要 - 通常有不同的错误。bashzsh
它确实间接地影响与zsh终端中 shell 的交互工作,几乎与使用bash.
的使用bash是如此普遍,以至于人们难以避免称之为它。
zsh,但实际上包含bash. #!/bin/bash用于指定bash为解释器的 shell 脚本。您假设的许多命令是二进制文件,但它们是 shell 脚本,其中一些使用bash.
在许多显式执行 shell 的地方,bash可能会使用,并且可能需要。
xargs命令,或git涉及参数的别名| 归档时间: |
|
| 查看次数: |
8165 次 |
| 最近记录: |