Bugtraq mailing list archives

Re: Small problem in AIX write command: Executes shell

From: hedley () CS BRIS AC UK (David Hedley)
Date: Fri, 1 Aug 1997 19:00:40 +0100


    Klaus> At least on our AIX 4.1.5, the "write" command for sending
    Klaus> messages to other users doesn't filter the message to be sent
    Klaus> w.r.t. shell metacharacters: Just pipe a "telnet localhost
    Klaus> chargen" into "write somebody", and you will receive error
    Klaus> messages saying that a "sh" tries to execute parts of the
    Klaus> text being sent. Modify the input to "write" a little bit (to
    Klaus> contain actual shell commands), and they will be executed.

I suggest you RTFM.

From the solaris 2.5.1 man page:


     If the character ! is found at  the  beginning  of  a  line,
     write  calls  the shell to execute the rest of the line as a
     command.

Regards,

David
--
 David Hedley (hedley () cs bris ac uk)
 finger hedley () cs bris ac uk for PGP key
 Computer Graphics Group | University of Bristol | UK

Current thread:

Re: Small problem in AIX write command: Executes shell David Hedley (Aug 01)
- <Possible follow-ups>
- Small problem in AIX write command: Executes shell DI. Dr. Klaus Kusche (Aug 01)
  - Re: Small problem in AIX write command: Executes shell David Holland (Aug 01)
    - comp.sys.sgi.bugs: YET another security alert (sigh) Arthur Hagen (Aug 04)
    - comp.sys.sgi.bugs: Re: YET another security alert (sigh) Forwarded by Kari Hurtta (Aug 05)
    - CPSR #8: identd Denial of Service Corinne Posse Releases (Aug 04)
    - Re: CPSR #8: identd Denial of Service Curt Sampson (Aug 04)
  - INND causes cancer in laboratory rats (fwd) Dan Fleisher (Aug 01)
    - Re: INND causes cancer in laboratory rats (fwd) thoth () PURPLEFROG COM (Aug 01)
    - Bugs in Debian Linux's ircd package Matt (Aug 01)
    - SSH LocalForward Kristof Van Damme (Aug 02)

(Thread continues...)