Joe Zbiciak wrote:
> John Dow said previously:
>
> | - but then again, my system("clear") wasn't particularly
> | elegant either. How about system("/usr/bin/clear")?
>
> That won't work. An attack along these lines will slice through
> that "fix" pretty quickly, if I'm not mistaken.
>
> export IFS=/
> export PATH=.:$PATH
> echo "cp /bin/sh ./root_sh; chmod 4755 ./root_sh" > ./usr
> chmod 755 ./usr
> lizards

Actually recent POSIX shells are immune to this kind of attack, since
IFS is only used to split the result of parameter expansion. No shell
under Linux has this behaviour. This system() call seems to be secure,
but it is still bad practice.

Recent shells disable .bashrc, $ENV etc. processing when euid != uid or
egid != gid and functions are not imported (see the privileged option in
the bash manual).

> "system()" is just not cut out for security.

Definitely. And its performance is also quite bad. It's a waste of
resources to fork/exec a large shell just to execute a tiny program.

Zoltan
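The alternative both posters point toward, running the program directly instead of through system(), as an added example that is not part of the original post. The names run_direct and clean_env and the TERM value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child: nothing the caller exported
 * (PATH, IFS, ENV, LD_*) is inherited. The TERM value is an assumption;
 * a real program would validate the caller's TERM instead. */
static char *const clean_env[] = {
    "PATH=/bin:/usr/bin",
    "TERM=vt100",
    NULL
};

/* Run an absolute path with an explicit argv and no shell in between.
 * Returns the child's exit status, or -1 on failure or abnormal exit. */
int run_direct(const char *path, char *const argv[])
{
    pid_t pid;
    int status;

    if (path == NULL || path[0] != '/') {   /* refuse PATH lookups */
        errno = EINVAL;
        return -1;
    }
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Drop any set-id privilege before exec: group first, then user. */
        if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
            _exit(126);
        execve(path, argv, clean_env);
        _exit(127);                         /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "clear", NULL };
    return run_direct("/usr/bin/clear", argv) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```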
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:32:16 PDT