Buggy /usr/bin shell scripts

From: obiat_private
Date: Sat Dec 06 1997 - 04:31:01 PST

Next message: Casper Dik: "Re: Buggy /usr/bin shell scripts"

Previous message: Kevin K. Sochacki: "HPUX rexecd bug on trusted system"
Next in thread: Casper Dik: "Re: Buggy /usr/bin shell scripts"
Reply: Casper Dik: "Re: Buggy /usr/bin shell scripts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This is old news, but it seem to be around still.

Solaris 2.5.1 and 2.6:

$ ln -s /usr/bin/true /tmp/e
$ PATH=/tmp IFS=x /usr/bin/false
$ echo $?
0

This combined with the habit of giving non-login accounts /bin/false
as a shell feels dangerous.

Credits to Wilhelm Mueller for bringing it up in gnu.bash.bug in the
sense of a security related bug.

Next message: Casper Dik: "Re: Buggy /usr/bin shell scripts"
Previous message: Kevin K. Sochacki: "HPUX rexecd bug on trusted system"
Next in thread: Casper Dik: "Re: Buggy /usr/bin shell scripts"
Reply: Casper Dik: "Re: Buggy /usr/bin shell scripts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:34:59 PDT