Menno I believe that is the old test, not entirely accurate.
This one is supposed to be more accurate.
rm -f echo; env X='() { (a)=\' bash -c echo date; cat echo
If you're safe it should return:
date
cat: echo: No such file or directory
I'm no BASH expert so I'm not too sure how the two tests
How to know I have the secure version?
root@debian-wheezy:~# bash --version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
root@ubuntu-12.04:~# bash --version
GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)
both upgraded for the second time today, just before sending this
At a command prompt:
# env x='() { :;}; echo vulnerable' bash -c echo this is a test
vulnerable
this is a test
After updating the result should be:
# env x='() { :;}; echo vulnerable' bash -c echo this is a test
bash: warning: x: ignoring function definition attempt
bash: error importing
