Ask HN: Good ideas to defend against the bash RCE?
Hoping to create a discussion here on ideas on how to defend against the current bash RCE. Probably just a subset of existing "best practices" that are particularly relevant for the current attack vector for the bash RCE. Recommend keeping posts to one recommendation per post so that the best can filter up/down individually rather than as a set.
5 comments
[ 9.2 ms ] story [ 38.1 ms ] threadThis would make it harder for attackers to fetch/install more tools.
Watch for unexpected changes to public servers.
2. Understand the chain of how environment variable values might flow through your web stack. Eliminate them.