[TUHS] shell escapes in utilities

Ron Natalie ron at ronnatalie.com
Wed Aug 2 04:43:07 AEST 2023

The Sendmail WIZ bug was but one of the security disasters from shell 
escapes.    I remember IBM sending me an early RS/6000.    Booted the 
thing up but had no clue what root or any other password was.
So, I set to work hacking on it.   Now this thing had a physical key on 
the front.   Off, On, and a Wrench symbol.   OK, let’s try the wrench.   
  Boots up some sort of maintenance program.   After playing around with 
it a bit I find a help option.    This starts up a paginator (more or pg 
or something).    Sure enough you can shell escape otu of that.   
Instant root shell.    Now it’s trivial to change the root password and 
reboot in normal mode.

Yep, the need for shell escapes largely went away with windowing and job 

More information about the TUHS mailing list