
Dang. Unfortunately I am not vulnerable, and I use default ohmyzsh.

This is a neat bug, though. Lots of package managers have similar problems, and I would not be surprised if there's a lot of git/shell/environment problems left to find.




Why is it unfortunate that you're not vulnerable? Isn't that a good thing?


He's an applications security researcher. That stuff is fun for him.



Are you not going to give a reason?


Yeah I guess it was presented without a reason.

Code quality is pretty much the reason though. The oh-my-zsh maintainer himself even wrote a post once upon a time about how not to run an OSS project.

Prezto forked the project and cleaned up everything quite nicely a long time ago.


lol I'm using prezto, and I was pwn'd! Looks like OMZ is doing things nicely where prezto fails :)



