This is old news, but it seem to be around still. Solaris 2.5.1 and 2.6: $ ln -s /usr/bin/true /tmp/e $ PATH=/tmp IFS=x /usr/bin/false $ echo $? 0 This combined with the habit of giving non-login accounts /bin/false as a shell feels dangerous. Credits to Wilhelm Mueller for bringing it up in gnu.bash.bug in the sense of a security related bug.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:34:59 PDT