|
|
|
|
|
|
by NegativeK
210 days ago
|
|
|
It's a vulnerability via pathing, not a worry that the shebang script could be malicious. Someone may have dropped a malicious executable somewhere in the user's path that the shebang calls. The someone shouldn't be able to do that, but "shouldn't" isn't enough for security. Or maybe the relatively pathed executable has unexpected interactions with the shebanged script, compared to what the script author expected. Etc. |
|
|