berknet security hole
jmrubin
jmrubin
Wed Nov 25 15:18:47 AEST 1981
Nsh, the shell used by network, does not look for ";"'s in the string when
it makes sure than the command is free. Thus, the command:
net -m ROGUEVAX -l network "who > /dev/null ; forbidden blaah blech"
works, where forbidden is a command ususally prohibited to network, but
y be necessary to give the
full path name of the forbidden command--depending on how network's $PATH
compares to the average user's $PATH.)
More information about the Comp.bugs.2bsd
mailing list