Hacker News new | past | comments | ask | show | jobs | submit login

Or even the standard "echo xxx | base64 -d" or a million other ways. How can someone say that bash is not interesting to an attacker is beyond me.



But bash isn't a key ingredient in any of these. The exact same payload could easily be insert in the project's source code, and has the benefit of being persistent. Using a bash shell to do it might be the most obvious way, sure, but shutting down bash access is such a poor defense that it isn't worth doing.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: