berknet security hole

jmrubin jmrubin
Wed Nov 25 15:18:47 AEST 1981


Nsh, the shell used by network, does not look for ";"'s in the string when
it makes sure than the command is free.  Thus, the command:

net -m ROGUEVAX -l network "who > /dev/null ; forbidden blaah blech"

works, where forbidden is a command ususally prohibited to network, but
y be necessary to give the
full path name of the forbidden command--depending on how network's $PATH
compares to the average user's $PATH.)



More information about the Comp.bugs.2bsd mailing list