Re: procmail

Olaf Kirch (okir@MONAD.SWB.DE)
Mon, 21 Jul 1997 18:11:36 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Adam Morrison: "Re: Solaris ld.so possibly vulnerable?"
Previous message: Troy Bollinger: "AIX ping, lchangelv, xlock fixes"
Maybe in reply to: jamie: "procmail"
Next in thread: Adam Shostack: "Re: procmail"

On Mon, 21 Jul 1997 16:50:56 +0200, Casper Dik wrote:
> Shells will not honor meta characters inside variables.
>
> The shell will first parse (the phase in which meta chacretsr and keywords
> are detected) and only then will it do variabel substitution.
>
> Then it'll split stuff in words and only then wildcard expansion is done.

There's some weird effect with tcsh (I don't know if that's standard csh
behavior). When your shell script does a `set foo=$1' and the first
argument is "xx PATH=~ftp/incoming:/usr/bin:/bin" it will do two
simultaenous variable assignments, and thus overwrite the PATH variable
with the string the attacker specified.

Not sure if that qualifies as metacharacter expansion, but it's definitely
scary:-) Metamail had this problem, fwiw.

Olaf

--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir@monad.swb.de  |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
             For my PGP public key, finger okir@brewhq.swb.de.

Next message: Adam Morrison: "Re: Solaris ld.so possibly vulnerable?"
Previous message: Troy Bollinger: "AIX ping, lchangelv, xlock fixes"
Maybe in reply to: jamie: "procmail"
Next in thread: Adam Shostack: "Re: procmail"