Wonderful how team fully recognizes that the use_shell option is a massive security footgun. So they warn users. In a separate document, not linked from the option’s documentation. Never mind not explaining which characters are ok, so users are bound to get it wrong.

Protip: if you need more than a paragraph of text to describe how a feature is used securely, then maybe you shouldn’t have that feature in the first place. If you need more than a sentence, there should probably be a huge “Do not use unless you know what you are doing!” warning.

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.