On Fri, Sep 26, 2014 at 11:59 AM, Doug Hughes <d...@will.to> wrote: > If the CGI in question is bash, this by itself is sufficient to get it to > execute code that it otherwise should not have.
Or if the CGI is executed by a mechanism which involves /bin/sh, *and* /bin/sh is bash. In this case, the language the CGI itself is written in is irrelevant. -- brandon s allbery kf8nh sine nomine associates allber...@gmail.com ballb...@sinenomine.net unix, openafs, kerberos, infrastructure, xmonad http://sinenomine.net
_______________________________________________ Tech mailing list Tech@lists.lopsa.org https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
