<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Sep 28, 2014 at 7:44 PM, Derek Atkins <span dir="ltr"><<a href="mailto:warlord@mit.edu" target="_blank">warlord@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">James Sumners <<a href="mailto:james.sumners@gmail.com">james.sumners@gmail.com</a>> writes:<br>
<br>
> The moral of this story: don't write CGI scripts in Bash.<br>
<br>
</span>It's more than just CGI, unfortunately. Anything that runs bash can be<br>
hit. For example, DHCP is succeptible.<div class=""><div id=":165" class="" tabindex="0"></div></div></blockquote></div><br>And then we have shenanigans like this -- <a href="https://github.com/jaburns/ngincat">https://github.com/jaburns/ngincat</a><br><br clear="all"><div><br></div>-- <br>James Sumners<br><a href="http://james.roomfullofmirrors.com/">http://james.roomfullofmirrors.com/</a><br><br>"All governments suffer a recurring problem: Power attracts pathological personalities. It is not that power corrupts but that it is magnetic to the corruptible. Such people have a tendency to become drunk on violence, a condition to which they are quickly addicted."<br><br>Missionaria Protectiva, Text QIV (decto)<br>CH:D 59
</div></div>