
```
if (search(env, "*=()*") != -1) {
    reject ("Detected an inappropriate environment variable. Request rejected.");
}
```

Any attempt to launch the shell now via PowerBroker for UNIX & Linux using pbrun will result in the command being rejected:

```
$ env x='() { :;}; echo VulX' y='() { :;}; echo VulY' pbrun bash -c 'echo testing'
pbrunVERSION [PID]: Detected an inappropriate environment variable. Request rejected.
```

You can see what this looks like when attempted on a host protected with PowerBroker for UNIX & Linux here:
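The glob in the policy rule above can be tried outside PowerBroker to see which environment entries it rejects. This is an added example, not BeyondTrust's code: it assumes the policy `env` list holds `NAME=value` strings and that Python's `fnmatch` approximates the policy language's glob matching, and the helper names and sample environments are constructed for illustration. It also includes a function exported by a post-Shellshock bash under a `BASH_FUNC_name%%` variable, which the same glob matches.

```python
from fnmatch import fnmatchcase

# Glob copied from the policy rule on this page.
POLICY_GLOB = "*=()*"


def flagged_entries(env_entries, pattern=POLICY_GLOB):
    """Return the variable names of NAME=value entries matching the glob."""
    hits = []
    for entry in env_entries:
        if fnmatchcase(entry, pattern):
            hits.append(entry.split("=", 1)[0])
    return hits


def policy_decision(env_entries):
    """Mirror the rule's outcome: reject if any entry matches, else accept."""
    return "reject" if flagged_entries(env_entries) else "accept"


# Constructed sample environments (not captured from a real host).
SAMPLE_BENIGN = [
    "PATH=/usr/bin:/bin",
    "HOME=/home/alice",
    "PS1=\\u@\\h (\\W)\\$ ",           # parentheses, but no "=()" sequence
    "NOTE=see f() for details",        # "()" appears, but not right after "="
]
# The two variables from the pbrun test command on this page.
SAMPLE_PAGE_TEST = SAMPLE_BENIGN + [
    "x=() { :;}; echo VulX",
    "y=() { :;}; echo VulY",
]
# Assumption from general bash behaviour, not from this page: patched bash
# exports a function "deploy" as BASH_FUNC_deploy%%, value starting "() {".
SAMPLE_EXPORTED_FN = SAMPLE_BENIGN + [
    "BASH_FUNC_deploy%%=() {  echo deploying\n}",
]

if __name__ == "__main__":
    for label, env in [("benign", SAMPLE_BENIGN),
                       ("page test", SAMPLE_PAGE_TEST),
                       ("exported function", SAMPLE_EXPORTED_FN)]:
        print(f"{label}: {policy_decision(env)} {flagged_entries(env)}")
```

Because the glob keys on `=()` anywhere in an entry, a session that legitimately exports shell functions is rejected along with the crafted variables, so such workflows need checking before the rule is rolled out.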

- Enable users to perform specified administrative tasks without disclosing passwords
- Integrate all policies, roles and log data via a web-based console
- Automate workflows for policies and audit-ready logging
- Broker permissions transparently, ensuring user productivity and compliance
- Record and index all sessions for quick discovery during audits
- Leverage across more than 30 different Unix/Linux platforms

Paul Harper, Product Manager, BeyondTrust

Paul Harper is product manager for Unix and Linux solutions at BeyondTrust, guiding the product strategy, go-to-market and development for PowerBroker for Unix & Linux, PowerBroker for Sudo and PowerBroker Identity Services. Prior to joining BeyondTrust, Paul was a senior architect at Quest Software/Dell. Paul has more than 20 years of experience in Unix/Linux operations and deployments.