try the following line on any machine you have (BASH bug)
env 'x=() { :;}; echo vulnerable' bash -c echo 'test'if you get the string 'vulnerable' (and you will because it fails in all versions of bash on osx and linux) then anyone anywhere can make your machine do anything remotely. essentially, the bug is that after defining a function bash in an environment string will continue to execute the rest of the line which could be anything. for details see: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html Tim _______________________________________________ Axiom-developer mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/axiom-developer
