Shell shock

The folks who come up with these titles, like Heartbleed and then Shellshock, really should be in marketing.

I’m not going to post on the what and why. There are many resources online that can be searched.

Let’s just say that this is bad, in that it lacks bounds checking.

cd /tmp; rm -f /tmp/hacked; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/hacked
date

The reality is that security is always taken lightly and takes a back seat to convenience. In my humble opinion, the Bourne Again Shell is not the issue; the issue is the process by which it can be utilized.
