I think there is an easier substitution attack since there is shell expansion oc... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ddtaylor 8 days ago \| parent \| context \| favorite \| on: Sleeper Shells: Attackers Are Planting Dormant Bac... I think there is an easier substitution attack since there is shell expansion occuring. I will toy with it later today.

		help

PhilipRoman 8 days ago | [–]

The array indexing thing is a special case in [[...]] which is otherwise more-or-less secure (no expansion occurs under typical unquoted variable access). https://news.ycombinator.com/item?id=46631811

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact