[TUHS] "/bin/sh: the biggest Unix security loophole"
Chet Ramey via TUHS
tuhs at tuhs.org
Thu Jan 16 00:51:15 AEST 2025
On 1/8/25 3:58 PM, Warren Toomey via TUHS wrote:
> On 9/1/25 03:15, Douglas McIlroy wrote:
>> I have sent a scan of Jim Reeds's 1984 technical memorandum on Bourne-
>> shell security risks to Warren Toomey for posting in the TUHS archives.
>>
>> Doug
>
> It's now available at https://www.tuhs.org/Archive/Documentation/
> TechReports/Bell_Labs/ReedsShellHoles.pdf
It's a great paper. I think the most interesting aspect is that the set
of loopholes Reeds concentrates on for the majority of the paper (Class 2)
aren't holes in the shell, per se. Except for the already-mentioned
behaviors of inheriting IFS from the environment and using it to split
all words, all of the weaknesses Reeds described are sloppy, but common,
programming practices in setuid programs. His conclusions are still
relevant.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet at case.edu http://tiswww.cwru.edu/~chet/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <http://www.tuhs.org/pipermail/tuhs/attachments/20250115/9e04d7be/attachment.sig>
More information about the TUHS
mailing list