Bugtraq mailing list archives
Re: BoS: tee see shell problems
From: travis () EvTech com (Travis Hassloch x231)
Date: Mon, 16 Sep 1996 14:29:53 -0500
In message <Pine.LNX.3.94.960913223432.23513A-100000 () primeline net> you write:
I just tested a variation of this exploit with bash 1.14.6(1) running on Linux 2.0.13. By using my variation I managed to become root.
Funny, I couldn't get it to work on Solaris: bash$ bash -version GNU bash, version 1.14.5(1) bash$ ls -la total 12 drwx------ 2 travis 60 Sep 16 14:20 . drwxrwxrwx 5 root 949 Sep 16 14:20 .. -rwx------ 1 travis 61 Sep 16 14:23 .WaReZ bash$ cat .WaReZ echo Im a lamer, lookatmee whohoo touch /tmp/bar echo u loze bash$ pwd /tmp/`source .WaReZ' bash$ cd .. bash$ cd *W* bash$ ls -la /tmp/bar /tmp/bar not found bash$ pwd /tmp/`source .WaReZ' # to prove that it really works: bash$ source .WaReZ Im a lamer, lookatmee whohoo u loze Am I missing something here? I also tried simpler names like /tmp/`echo hi` - again, didn't work.
Current thread:
- Re: BoS: tee see shell problems Travis Hassloch x231 (Sep 16)