Buggy /usr/bin shell scripts

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Casper Dik: "Re: Buggy /usr/bin shell scripts"
• Previous message: Security Alert: "Re: HPUX rexecd bug on trusted system"
• Next in thread: Casper Dik: "Re: Buggy /usr/bin shell scripts"

Solaris 2.5.1 and 2.6:

$ ln -s /usr/bin/true /tmp/e
$ PATH=/tmp IFS=x /usr/bin/false
$ echo $?
0

This combined with the habit of giving non-login accounts /bin/false
as a shell feels dangerous.

Credits to Wilhelm Mueller for bringing it up in gnu.bash.bug in the
sense of a security related bug.

• Next message: Casper Dik: "Re: Buggy /usr/bin shell scripts"
• Previous message: Security Alert: "Re: HPUX rexecd bug on trusted system"
• Next in thread: Casper Dik: "Re: Buggy /usr/bin shell scripts"