Bugtraq mailing list archives
Re: sperl 5.00503 (and newer ;) exploit
From: Olaf Kirch <okir () CALDERA DE>
Date: Mon, 7 Aug 2000 12:35:36 +0200
On Sat, Aug 05, 2000 at 07:19:36PM +0200, Michal Zalewski wrote:
c) /bin/mail has undocumented feature; if interactive=something, it will interpret ~! sequence even if not running on the terminal;
Well, some "unfortunate" features come back again and again. I recall INN's control scripts used to have a similar problem, three years ago. I'm sort of torn between whether to blame sperl for using mail rather than syslog, or for doing so without cleaning up the environment. Apart from the ~! expansion problem, there seems to be at least another one lurking which is that it'll try to load ~/.mailrc, and ~ is replaced with the value of $HOME. Any setuid root program that does an exec() somewhere is just a less user friendly version of su. I have a wonderful proof of this claim, but unfortunately the margin is too small to hold it :-) Olaf -- Olaf Kirch | --- o --- Nous sommes du soleil we love when we play okir () monad swb de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax okir () caldera de +-------------------- Why Not?! ----------------------- UNIX, n.: Spanish manufacturer of fire extinguishers.
Current thread:
- sperl 5.00503 (and newer ;) exploit Michal Zalewski (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Michal Zalewski (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Olaf Kirch (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Joey Hess (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Pixel (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Francis J. Lacoste (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Greg A. Woods (Aug 09)
- Re: sperl 5.00503 (and newer ;) exploit Thomas Roessler (Aug 10)
- Re: sperl 5.00503 (and newer ;) exploit H. Peter Anvin (Aug 11)
- Re: sperl 5.00503 (and newer ;) exploit Olaf Kirch (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Michal Zalewski (Aug 07)
- <Possible follow-ups>
- Re: sperl 5.00503 (and newer ;) exploit Paul Rogers (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Solar Designer (Aug 07)
- Re: sperl 5.00503 (and newer ;) exploit Simon Cozens (Aug 07)