[TUHS] shell escapes in utilities
Ron Natalie
ron at ronnatalie.com
Wed Aug 2 04:43:07 AEST 2023
The Sendmail WIZ bug was but one of the security disasters from shell
escapes. I remember IBM sending me an early RS/6000. Booted the
thing up but had no clue what root or any other password was.
So, I set to work hacking on it. Now this thing had a physical key on
the front. Off, On, and a Wrench symbol. OK, let’s try the wrench.
Boots up some sort of maintenance program. After playing around with
it a bit I find a help option. This starts up a paginator (more or pg
or something). Sure enough you can shell escape otu of that.
Instant root shell. Now it’s trivial to change the root password and
reboot in normal mode.
Yep, the need for shell escapes largely went away with windowing and job
control.
More information about the TUHS
mailing list