Bugtraq mailing list archives
Re: Buggy /usr/bin shell scripts
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Sun, 7 Dec 1997 11:56:41 +0100
This is old news, but it seem to be around still. Solaris 2.5.1 and 2.6: $ ln -s /usr/bin/true /tmp/e $ PATH=/tmp IFS=x /usr/bin/false $ echo $? 0 This combined with the habit of giving non-login accounts /bin/false as a shell feels dangerous.
Whether this is a bug or a (mis)feature is open for some debate, the shell imports all variables so why not import IFS? $PATH also influences shell scripts. Solaris 2.x login will filter IFS and other environment variables, but "su" and other don't filter it, so using /bin/false as only protective measure is not sufficient for denying local attacks. Solaris 2.next /bin/sh will no longer import IFS from the environment. Casper
Current thread:
- Buggy /usr/bin shell scripts obi () VIC20 DZP SE (Dec 06)
- Microsoft, CNET, BUGTRAQ and the 'land' attack Geoffrey King (Dec 06)
- Re: Microsoft, CNET, BUGTRAQ and the 'land' attack Aleph One (Dec 08)
- KSR[T] #005: Dillon crontab / crond KSR[T] (Dec 09)
- cgiwrap-3.5 (and 3.6beta1, Duncan Simpson (Dec 06)
- Re: Buggy /usr/bin shell scripts Casper Dik (Dec 07)
- Microsoft, CNET, BUGTRAQ and the 'land' attack Geoffrey King (Dec 06)