Bugtraq mailing list archives
Re: Small problem in AIX write command: Executes shell
From: hedley () CS BRIS AC UK (David Hedley)
Date: Fri, 1 Aug 1997 19:00:40 +0100
Klaus> At least on our AIX 4.1.5, the "write" command for sending Klaus> messages to other users doesn't filter the message to be sent Klaus> w.r.t. shell metacharacters: Just pipe a "telnet localhost Klaus> chargen" into "write somebody", and you will receive error Klaus> messages saying that a "sh" tries to execute parts of the Klaus> text being sent. Modify the input to "write" a little bit (to Klaus> contain actual shell commands), and they will be executed. I suggest you RTFM.
From the solaris 2.5.1 man page:
If the character ! is found at the beginning of a line, write calls the shell to execute the rest of the line as a command. Regards, David -- David Hedley (hedley () cs bris ac uk) finger hedley () cs bris ac uk for PGP key Computer Graphics Group | University of Bristol | UK
Current thread:
- Re: Small problem in AIX write command: Executes shell David Hedley (Aug 01)
- <Possible follow-ups>
- Small problem in AIX write command: Executes shell DI. Dr. Klaus Kusche (Aug 01)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- comp.sys.sgi.bugs: YET another security alert (sigh) Arthur Hagen (Aug 04)
- comp.sys.sgi.bugs: Re: YET another security alert (sigh) Forwarded by Kari Hurtta (Aug 05)
- CPSR #8: identd Denial of Service Corinne Posse Releases (Aug 04)
- Re: CPSR #8: identd Denial of Service Curt Sampson (Aug 04)
- Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
- INND causes cancer in laboratory rats (fwd) Dan Fleisher (Aug 01)
- Re: INND causes cancer in laboratory rats (fwd) thoth () PURPLEFROG COM (Aug 01)
- Bugs in Debian Linux's ircd package Matt (Aug 01)
- SSH LocalForward Kristof Van Damme (Aug 02)