On Fri, 10 Jul 1998, Solar Designer wrote:

> > # mv /usr/bin/finger /usr/bin/finger.exe
> > # cat > /usr/bin/finger
> > #!/bin/sh
> > exec /usr/bin/finger.exe -m $*
> > ^D
> > # chmod +x /usr/bin/finger
>
> Hmm, weird, this doesn't look safe to me. Why trust the extra parsing done
> by the shell?
>

Which happens to include filename globbing. This "fix" will now allow
people to do: finger '/*@hostname'.. Which could reveal a lot more
information than finger was intended to.. Not to mention finger
'/*/*/*/*/*@hostname' .. which might turn out to be a far worse DOS than
the original attack.

If we are forced to use a shell,

#!/bin/sh
exec /usr/bin/finger -m "$*"

will prevent the arguments from being globbed, at least with my version of
bash (2.02.0(1)-release).

-Illuminatus Pimpus
vermontat_private
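Added example, not part of the original message: a side-by-side run of the three ways a wrapper can forward its arguments, showing what the wrapped program actually receives. `show_args` is a hypothetical stand-in for `finger.exe`, the scratch directory and its files are constructed, and the `"$@"` form goes beyond what the post discusses.

```shell
#!/bin/sh
# Added illustration, not code from the original post.
# show_args is a hypothetical stand-in for /usr/bin/finger.exe: it prints
# the number of arguments it received, then each argument in brackets.
show_args() {
    printf '%s' "$#"
    for a in "$@"; do printf ' [%s]' "$a"; done
    printf '\n'
}

# Three wrapper bodies that differ only in how arguments are forwarded.
wrap_unquoted() { show_args -m $*; }    # quoted wrapper: word-split, then globbed
wrap_star()     { show_args -m "$*"; }  # reply's version: one joined word, no globbing
wrap_at()       { show_args -m "$@"; }  # one word per original argument, no globbing

# Run a wrapper inside a constructed scratch directory that holds three
# files, so pathname expansion has something to match.
run_in_scratch() {
    wrapper=$1; shift
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > alice; : > bob; : > carol   # constructed sample files
        "$wrapper" "$@"
    )
    status=$?
    rm -rf "$dir"
    return "$status"
}

# Same two caller arguments ('*' and 'x y') through each wrapper.
for w in wrap_unquoted wrap_star wrap_at; do
    printf '%-14s ' "$w"
    run_in_scratch "$w" '*' 'x y'
done
```

With `"$*"` nothing is globbed, but several arguments collapse into a single word; `"$@"` also suppresses globbing and keeps each argument separate.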