Bugtraq mailing list archives
Re: tee see shell problems
From: szabo_p () maths su oz au (Paul Szabo)
Date: Wed, 18 Sep 1996 10:44:09 +1000
A vulnerability exists in tcsh (tcsh 6.05, or the one that's being handed out with BSDI anyway.) that allows the execution of arbitrary commands when changing into directories that are enclosed with back tic's.
It seems to me that the problem may be with the way you define your cd command: surely it is the expansion of $cwd, if containing backquotes, that does the damage. (csh is known to do several passes of variable and command substitution.) I have the following under /bin/csh, both with Apollo Domain/OS and DEC Alpha OSF/1 (dUNIX v3.2 or v4.0): tmp% pwd /tmp tmp% which cd alias/cd 'chdir !*; set prompt="$cwd:t% "' tmp% mkdir '`echo you lose; touch silly`' tmp% ls -l total 1 drwx------ 2 psz system 512 Sep 18 10:28 `echo you lose; touch silly` tmp% cd *echo* you lose% pwd /tmp/`echo you lose; touch silly` you lose% ls -l total 0 -rw------- 1 psz system 0 Sep 18 10:28 silly Paul Szabo - System Manager // School of Mathematics and Statistics psz () maths usyd edu au // University of Sydney, NSW 2006, Australia
Current thread:
- tee see shell problems test (Sep 13)
- <Possible follow-ups>
- Re: tee see shell problems David S. Goldberg (Sep 16)
- Re: tee see shell problems Alan Cox (Sep 17)
- Re: tee see shell problems Oleg Girko (Sep 17)
- Re: tee see shell problems Paul Szabo (Sep 17)