bound to happen sooner or later. 

It schopuld be possible  possible to hack linux. Hacking the bash shell is one of the most efficient  methods. How clever is it to create a gtk or qt hack/virus or one that affects libc6 or the kernel .? To be honest it isn`t . Code is to big and changes to quickly,

But the bash shell has been  nearly constant for years . So searching a bug there was more clever for these people damn.

Was bound to happen, and vulnerabilities in routing systems are truly much worse than individual systems being compromised by a Trojan etc.  Compromise a router or infect/poison DNS and you can wreak havoc on entire networks of systems.

Code subversion such as this will only become a more and more frequent occurrence as these days everyone's reliance on networked systems is almost complete.  99% up-time used to be promised by and accepted for critical routing/networking infrastructure.  These days?  Damn close to 100% is required to run our critical infrastructure.  We are vulnerable, and the future of cyber warfare will show us all just how vulnerable that is.

And that's the truth. 

All because YOU didn't discuss local and group privileges.

I hope you're pleased with yourself, you bad boy! 

I knew it!   The world will collapse and it'll all be monk's fault!  hehe 

No there has to collapse more than linux. And my linux system bash shell is insecure damn. Tested it.

Most current distros have already released a patch for the bash package. Easy to fix with a zypper, yum or apt-get update.

My point really is, that all systems are vulnerable (each in their own ways) and these days we're finding more and more vulnerabilities in systems that were previously thought to be [near] impervious to assault.  We now have more critical systems infrastructure running on those systems so when those systems are shown to be vulnerable (routing systems, network appliances etc. etc.) there is actually more at stake than some poor joe's 'workstation'.

yeah.

There will be  applications to find bugs automatically with reasonable amount of cpu in every program in future.

The better the virus protection is , the viruses itself would be smaller and more intelligently written.

Did see a simple word virus file some time ago. it was only an escape sequence, the normal word header and tehn zeros. 

And the bash virus consist only in executing something before  ;: and writing that to a variable without explicit definition in the way a normal human would write a script. Seems to be a virus that overflows  memory  and cpu and can do other nice things of course to. Such a simple lack and it had been there for years damn.

regards bluedxca93 

yeah.

There will be  applications to find bugs automatically with reasonable amount of cpu in every program in future.

The better the virus protection is , the viruses itself would be smaller and more intelligently written.

Did see a simple word virus file some time ago. it was only an escape sequence, the normal word header and tehn zeros. 

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 vulnerable
 this is a test

another example: 

VAR='() { echo plop; }; bad_code' bash -c 'echo on lance un sous-shell'

Code was allowed and executed after the end of a Bash function NICE WORK THX!!!

 Seems to be a virus that could  overflows  memory  and cpu and can do other nice things of course to. Such a simple lack and it had been there for years damn.

regards bluedxca93 

We know, monk...and we know who's to blame for these grievous oversights. Straighten up and fly right! Sheesh.