Reply to post: Re: Even perl has some resemblance of CGI security

Bad boy builds beastly Bash bug botnet, boxen battered

-tim
Devil

Re: Even perl has some resemblance of CGI security

Bash cgis tend to fall into the category of informational only. They don't take any inputs at all and just provide info. Those are now open to abuse since a simple wget with the right parameters can cause them to do all sorts of hackery things.

Oddly enough other shells that can share functions with subshells have similar problems. Some even allow overwriting things like cp, ls or cat and you can guess that most "write only" cgis written in a shell will use at least one of them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020