Aucbonyx.204
net.2bsd-bugs
utzoo!decvax!ucbvax!ARPAVAX:Onyx:jmrubin
Wed Nov 25 15:18:47 1981
berknet security hole
Nsh, the shell used by network, does not look for ";"'s in the string when
it makes sure than the command is free.  Thus, the command:

net -m ROGUEVAX -l network "who > /dev/null ; forbidden blaah blech"

works, where forbidden is a command ususally prohibited to network, but
y be necessary to give the
full path name of the forbidden command--depending on how network's $PATH
compares to the average user's $PATH.)

-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <[email protected]>
of http://communication.ucsd.edu/A-News/


This Usenet Oldnews Archive
article may be copied and distributed freely, provided:

1. There is no money collected for the text(s) of the articles.

2. The following notice remains appended to each copy:

The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.

You are viewing proxied material from gopher.quux.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.