Bugtraq mailing list archives

Re: Multiple vendors FTP denial of service


From: peterw () usa net
Date: Wed, 21 Mar 2001 15:46:56 -0500

At Wed, 21 Mar 2001 00:55:03 +0200 , Stefan Laudat <stefan () WORLDBANK RO> wrote:

> .... and as a quick fix for nasty shell users having bash prompts on your machine, just
> enter 'set -f' in the /etc/profile.

...which users can override with 'set +f'

> Of course, until we will get a fixed bash or
> a fixed libc(?).

Oh, please. Then the user writes/gets an app that abuses the system
in another way. As another reader mentioned, for shells this is a resource
limit problem, and attacking /bin/sh is the *wrong* way to "fix" the
local exploit concerns.

-Peter
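
The contrast drawn in this message, as an added example that is not part of the original post: a shell option such as `set -f` can be undone by the user, while a hard resource limit cannot be raised from inside an unprivileged session. The function names and the choice of the CPU-time limit (`ulimit -t`) are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration; function names are hypothetical.

# 1. noglob set from a profile script is only a shell option.
noglob_overridable() (
    set -f                                  # what /etc/profile would do
    set -- /*
    [ "$1" = '/*' ] || exit 2               # pattern stays literal: globbing is off
    set +f                                  # what any user can type afterwards
    set -- /*
    [ "$1" != '/*' ]                        # pattern expands again
)

# 2. A hard resource limit is enforced by the kernel, not by the shell.
#    Runs in a subshell so the caller's own limits are left untouched.
hard_limit_sticks() (
    cur=$(ulimit -H -t)                     # current hard CPU-time limit (seconds)
    [ "$cur" = unlimited ] && cur=600       # constructed value for the demo
    ulimit -t "$cur" || exit 2              # no -H/-S: sets soft and hard together
    # An unprivileged process may lower a hard limit but never raise it.
    ! ulimit -H -t $((cur + 60)) 2>/dev/null
)

noglob_overridable && echo "set -f: undone by set +f"
if hard_limit_sticks; then
    echo "hard CPU limit: cannot be raised from inside the session"
else
    echo "hard CPU limit: raised (process is privileged)"
fi
```

A privileged process can still raise its hard limits, so the second check is only meaningful when run as an ordinary user.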

