Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes. It was a bug in bash -- the Bourne again shell -- that permitted the execution of arbitrary code by embedding a function definition into environment variables. It was a Big Deal because it was remotely exploitable in systems that set environment variables according to user input before executing the shell -- the most severe was probably the Apache HTTP Server's CGI handler, which sets environment variables from HTTP header data.

I had the same initial reaction, though. "Kubernetes? Shellshock? Oh noes!"



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: