GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
可以在 oss-sec 上面看到說明「Re: CVE-2014-6271: remote code execution through bash」：
Debian and other GNU/Linux vendors plan to disclose a critical, remotely exploitable security vulnerability in bash this week, related to the processing of environment variables. Stephane Chazelas discovered it, and CVE-2014-6271 has been assigned to it.
透過環境變數打進去... Redhat 的「Bash specially-crafted environment variables code injection attack」這篇也給了不少例子。
Linux 下通常最常用的 shell 應該還是 Bash 吧？(雖然也看到不少人用 Zsh...)
然後 Twitter 上看到非常邪惡的 Google Hack：