Re: Forwarded to me

From: Illuminatus Primus (vermontat_private)
Date: Mon Jul 13 1998 - 09:54:11 PDT


    On Fri, 10 Jul 1998, Solar Designer wrote:
    
    > > # mv /usr/bin/finger /usr/bin/finger.exe
    > > # cat > /usr/bin/finger
    > > #!/bin/sh
    > > exec /usr/bin/finger.exe -m $*
    > > ^D
    > > # chmod +x /usr/bin/finger
    >
    > Hmm, weird, this doesn't look safe to me. Why trust the extra parsing done
    > by the shell?
    >
    
    Which happens to include filename globbing.
    
    This "fix" will now allow people to do:
    
    finger '/*@hostname'..
    
    Which could reveal a lot more information than finger was intended to..
    
    Not to mention
    
    finger '/*/*/*/*/*@hostname'
    
    .. which might turn out to be a far worse DOS than the original attack.
    
    If we are forced to use a shell,
    #!/bin/sh
    exec /usr/bin/finger -m "$*"
    
    will prevent the arguments from being globbed, at least with my version of
    bash (2.02.0(1)-release).
    
    -Illuminatus Pimpus
     vermontat_private
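
The quoting difference discussed in this message, as an added example that is not part of the original post. It goes one step beyond the message by also showing "$@", which keeps each argument separate where "$*" joins them into one. `show_args` is a hypothetical stand-in for the real finger binary, and the file names are constructed.

```shell
#!/bin/sh
# Constructed demo: three ways a wrapper script can forward its arguments.
# show_args is a hypothetical stand-in for the wrapped binary. It prints
# the number of arguments it received, then each argument in brackets.
show_args() {
    printf '%d:' "$#"
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# Unquoted $*: the shell word-splits and globs the caller's input again.
wrap_unquoted() { show_args -m $*; }
# Quoted "$*": no globbing, but all arguments are joined into one word.
wrap_star()     { show_args -m "$*"; }
# Quoted "$@": no globbing, and every argument stays a separate word.
wrap_at()       { show_args -m "$@"; }

# Run a wrapper inside a scratch directory holding two constructed files
# whose names match the pattern *@hostname, then clean up.
demo() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && touch alpha@hostname beta@hostname && "$@" )
    rc=$?
    rm -rf "$dir"
    return $rc
}

# The pattern reaches the wrapper as one literal argument in every case;
# only the wrapper's own quoting decides what the wrapped program sees.
demo wrap_unquoted '*@hostname'     # 3:[-m][alpha@hostname][beta@hostname]
demo wrap_star     '*@hostname'     # 2:[-m][*@hostname]
demo wrap_star     user1 user2      # 2:[-m][user1 user2]
demo wrap_at       user1 '*@hostname'   # 3:[-m][user1][*@hostname]
```

With "$*" the pattern is passed through literally, but two separate user names arrive as the single argument `user1 user2`; "$@" avoids both the re-globbing and the joining.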
    


