This might be slightly off topic compared to what you guys usually talk about,but consider this as an open discussion about security.
As all of you might heard,there is a newly found bug in bash that could be exploited and cause more havoc compared to the previous bug involving OpenSSL.
Just out of curiosity is there a possibility of the same bug being found on batch? I mean it's hard to believe that we didn't found this flaw earlier.If there are people dedicating their time exploring everything batch-related in here,then we can say the same to bash.
Or is there any reasons why the odds might be better for batch?
More on ShellShock
http://www.troyhunt.com/2014/09/everyth ... about.html
ShellShock
Moderator: DosItHelp
-
ShadowThief
- Expert
- Posts: 1167
- Joined: 06 Sep 2013 21:28
- Location: Virginia, United States
Re: ShellShock
Screenshot directly from the link you posted:
Re: ShellShock
In batch there are not a feature like define a function on environment variable as bash, you can save instructions in a environment variable as any text, but no save it as a real function. So when batch read environment variable block, it not interpret it. And also, not execute text code inside a environment variable, unless you expand that variable using the simple method: %%