[Info-vax] And now bash has a vulnerability Was: Re: Malware in kernel mode OT: Larry Ellison takes retirement as CEO of Oracle

[JF Mezei]

On 14-09-25 13:22, Simon Clubley wrote:

> They are if the VMS based software trusts what is in an environment
> variable in the same way as it does when running under Unix.


VMS was "hit" by this problem a long long time ago with the INQUIRE
command. This is why one never uses INQUIRE and has to use READ to
ensure input cannot be interpreted as a command.

A lot of software has similar problems, including SQL with SQL injection
problems.