I was just wondering where to report a problem with the bash sandbox, the right syntax is not very hard to find, but I probably shouldn’t post it publicly anyways =)
Although the environment bash is running in is pretty bare (not much in /bin/ and /usr/bin/), it still seems to have unrestricted Internet access from an EC2 virtual machine, so someone could pretty easily upload their own binary and try to mine bitcoin through your AWS account, or who knows what else.
Here’s a HTTP request I sent to http://ifconfig.me with bash’s /dev/tcp to show that the bash process has network access:
HTTP/1.1 200 OK access-control-allow-origin: * content-type: text/plain; charset=utf-8 Content-Length: 11 date: Fri, 28 May 2021 22:24:20 GMT x-envoy-upstream-service-time: 1 Via: 1.1 google 18.104.22.168
I’ll be happy to communicate the details so that this gets fixed