Re: Vulnerability in Lizards game

Alex Murray (alex_murray@VNET.IBM.COM)
Wed, 12 Nov 1997 14:56:35 -0500

SUID shared,
> Recently looking through the source of the suid root game called Lizards I
> noticed a vulnerability which is incredibly trivial to allow regular users
> at the console to gain unauthorized root access.
....
> privileges, it executes "clear" (supposed to be /usr/bin/clear) as root,
....
> Lame fix: chmod -s /usr/games/lizardlib/lizardshi
> Better fix: Change the source code, recompile lizards to reference "clear"
> absolutely.

Even if you change system("clear") to system("/usr/ucb/clear"), the user can
still invoke lizards in a /bin/sh environment where IFS contains the "/"
character and simply provide something called "usr" in their path which
invokes a root shell. Unless Linux does something clever to prevent this, or
unless lizards is smart enough to check the IFS environment variable, that is.

In a brand spanking new AIX 3.2.5 system, the /usr/lpp/servinfo/servinfo
command (if installed) contains this sort of creature; if the
/usr/lpp/servinfo/data/siAPARs.db.Z file has not yet been uncompressed,
servinfo executes a system call to /usr/bin/uncompress -f to make it happen.
The servinfo command is mode 4755 owned by root and trusts the environment you
give it. On occasion this has come in handy. :)

I have also seen patched systems where servinfo is owned by nobody. (I don't
have the PTF number handy, surf the IBM web site for more info.) Then again,
it's occasionally useful to be known as nobody, too...

_Alex
#include <std/disclaim.h>

_____________________________________________________________________________
Alex Murray alex_murray@vnet.ibm.com
IBM Canada, Call Centre Solutions +1 905 316-4243 fax 316-2156
_http://www.can.ibm.com/ccs__________________________________________________
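The point Alex makes above, that an absolute path inside system() still leaves the setuid program trusting the caller's IFS and PATH, is easiest to see next to a version that does not trust the environment at all. The following is an added example written for this page; it is not code from the original post, from the Lizards game or from servinfo. It assumes the helper lives at /usr/bin/clear and that a PATH of /usr/bin:/bin is enough for it; both are placeholders. The hardened version never runs a shell: it drops root to the real uid/gid, builds an environment from scratch (fixed PATH plus TERM only when TERM looks like a terminfo name) and execve()s the helper by absolute path with an explicit argv, so neither IFS nor PATH lookup is ever consulted.

```c
/* Added example (not from the original post): running a helper such as
 * "clear" from a setuid-root program without trusting IFS/PATH.
 * SAFE_PATH and CLEAR_PATH are assumed values for illustration. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#define SAFE_PATH  "PATH=/usr/bin:/bin"   /* assumption: what the helper needs */
#define CLEAR_PATH "/usr/bin/clear"       /* assumption: where the helper lives */

/* The pattern the thread warns about: system() runs /bin/sh, and that shell
 * inherits PATH and IFS from whoever invoked the setuid binary. */
int clear_screen_vulnerable(void)
{
    return system("clear");
}

/* TERM is the one variable "clear" genuinely needs. Pass it through only if
 * it looks like a terminfo name: letters, digits, '-', '+', '.', <= 64 chars. */
int term_is_safe(const char *term)
{
    if (term == NULL || *term == '\0' || strlen(term) > 64)
        return 0;
    for (const char *p = term; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (!isalnum(c) && c != '-' && c != '+' && c != '.')
            return 0;
    }
    return 1;
}

/* Fill env[] (capacity cap, at least 3) with an environment built from
 * scratch: a fixed PATH and, if acceptable, TERM. Nothing from environ
 * (IFS, LD_*, ...) is copied. Returns entries written, excluding the NULL. */
int build_safe_env(const char *term, char **env, size_t cap)
{
    static char termbuf[sizeof("TERM=") + 64];
    int n = 0;

    if (cap < 3)
        return -1;
    env[n++] = SAFE_PATH;
    if (term_is_safe(term)) {
        snprintf(termbuf, sizeof termbuf, "TERM=%s", term);
        env[n++] = termbuf;
    }
    env[n] = NULL;
    return n;
}

/* Give up root permanently before running anything external: group first,
 * then user. A caller that was never root is unaffected. 0 on success. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    return 0;
}

/* Run a helper by absolute path with explicit argv and environment. No shell
 * is involved, so IFS and PATH lookup never apply. Returns the helper's exit
 * status, or -1 if it was not run (relative path, fork/exec/wait failure). */
int run_helper(const char *path, char *const argv[], const char *term)
{
    char *env[3];
    pid_t pid;
    int status;

    if (path[0] != '/' || build_safe_env(term, env, 3) < 0)
        return -1;
    if (drop_privileges() != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, env);
        _exit(127);                         /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* The hardened replacement for clear_screen_vulnerable(). */
int clear_screen_hardened(void)
{
    char *const argv[] = { "clear", NULL };
    return run_helper(CLEAR_PATH, argv, getenv("TERM"));
}

int main(void)
{
    int rc = clear_screen_hardened();
    printf("clear exited with %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

Dropping privileges before the fork is deliberate: even if the helper is later replaced or misbehaves, it runs as the invoking user. Checking IFS, as Alex suggests, is a weaker alternative; rebuilding the environment and avoiding the shell altogether removes the whole class of tricks rather than one variable.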