A security hole (/bin/sh IFS)
Chris Torek
chris at mimsy.UUCP
Tue Mar 15 19:25:19 AEST 1988
Incidentally, note that the 4.3BSD /bin/sh does not import IFS from
the environment (like Doug Gwyn's BRL sh), except that it does this
*only* if you are root or if geteuid()!=getuid(). (Making it an exception
for root/setuid is, I think, bogus.)
--
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain: chris at mimsy.umd.edu Path: uunet!mimsy!chris
More information about the Comp.bugs.sys5
mailing list