Re: Vulnerability in Glimpse HTTP

James Crawford Ralston (qralston+@PITT.EDU)
Mon, 14 Jul 1997 16:16:16 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: sni@SECNET.COM: "IRIX fam vulnerability"
Previous message: Alex Mottram: "World writable PID w/Linux ipop3d (Redhat 4.2)"
Maybe in reply to: Razvan Dragomirescu: "Vulnerability in Glimpse HTTP"

Excerpts from bugtraq: 10-Jul-97 Re: Vulnerability in Glimps.. Martin
Pool@PHAROS.COM.A (1533)

>> This is true, however in the context of this particular bug (Glimpse)
>> this isn't the case. The reason for this being that open() in perl does
>> not honour these escape characters.

> I think perl just passes the string to the shell program (set at compile
> time?) which is usually /bin/sh. So, most shells will interpret a
> linefeed or semicolon as a command separator, and some may take ^ as a
> pipe.

No; perl will only invoke the shell if the expression "contains shell
metacharacters". The logic perl uses to determine if an expression
"contains shell metacharacters" is in the do_exec() function (contained
in doio.c), in the perl source.

--
James Crawford Ralston \ qralston+@pitt.edu \ Systems and Networks [CIS]
University of Pittsburgh \ 600 Epsilon Drive \ Pittsburgh PA 15238-2887
"Computer, you and I need to have a little talk."  - O'Brien, ST:DS9

Next message: sni@SECNET.COM: "IRIX fam vulnerability"
Previous message: Alex Mottram: "World writable PID w/Linux ipop3d (Redhat 4.2)"
Maybe in reply to: Razvan Dragomirescu: "Vulnerability in Glimpse HTTP"