A security hole + FIX(?)
Mikael Pettersson
mikpe at senilix.liu.se
Fri Mar 25 09:03:26 AEST 1988
In article <175 at pcsbst.UUCP> jh at pcsbst.UUCP (Johannes Heuft) writes:
>In article <892 at cosmo.UUCP> jum at cosmo.UUCP (Jens-Uwe Mager(sysop))
>reveals the IFS trick.
> ...
>Does somebody care to comment or add to the list??
The IFS stuff can be dealt with by patching the shell. Those with source
could easily add a putenv("IFS= \t\n") (or something equivalent) in some
convenient place to stop the shell from inheriting IFS.
If you don't have source, you could do what I did on a SVR2(-like) machine
I'm administrating. Write a small program that simply does:
putenv("IFS= \t\n");
execv("/bin/.real-sh", argv);
and call it /bin/sh. (you mv'd /bin/sh to /bin/.real-sh before of course!).
This works Ok on my machine. Does anybody know of any reasons why somehting
like this shouldn't be done?
>The IFS problem is fixed in SVR3.
How?
--
Mikael Pettersson ! Internet:mpe at ida.liu.se
Dept of Comp & Info Science ! UUCP: mpe at liuida.uucp -or-
University of Linkoping ! {mcvax,munnari,uunet}!enea!liuida!mpe
Sweden ! ARPA: mpe%ida.liu.se at uunet.uu.net
More information about the Comp.bugs.sys5
mailing list