Aucbonyx.204
net.2bsd-bugs
utzoo!decvax!ucbvax!ARPAVAX:Onyx:jmrubin
Wed Nov 25 15:18:47 1981
berknet security hole
Nsh, the shell used by network, does not look for ";"'s in the string when
it makes sure than the command is free. Thus, the command:
net -m ROGUEVAX -l network "who > /dev/null ; forbidden blaah blech"
works, where forbidden is a command ususally prohibited to network, but
y be necessary to give the
full path name of the forbidden command--depending on how network's $PATH
compares to the average user's $PATH.)
-----------------------------------------------------------------
gopher://quux.org/ conversion by John Goerzen <
[email protected]>
of
http://communication.ucsd.edu/A-News/
This Usenet Oldnews Archive
article may be copied and distributed freely, provided:
1. There is no money collected for the text(s) of the articles.
2. The following notice remains appended to each copy:
The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996
Bruce Jones, Henry Spencer, David Wiseman.