Reply to post:

Bash bug: Shellshocked yet? You will be ... when this goes WORM


Ok, it's early and I haven't finished my coffee yet. Isn't this an injection vulnerability due to not escaping the remote input before using it to set the environment variable?

What is crafting the command which is setting the env with a function using the remotely supplied value?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019