
Re: LYNX-DEV Alleged Lynx security emergency


From: Wayne Buttles
Subject: Re: LYNX-DEV Alleged Lynx security emergency
Date: Tue, 1 Jul 1997 08:18:21 -0400 (EDT)


On Tue, 1 Jul 1997, H E Nelson wrote:

> I assumed that the bug if there is one is in the cp program.
> All Lynx was doing was letting people exploit the bug in cp,
> i.e., when cp crashed, the user was left with a shell (sh).

I don't see any bug in cp.  cp did exactly what it was told.  The problem
is that semicolons were being honored by the system() call and we were
executing multiple statements...one of them being a shell.  Try it
yourself from a shell prompt:

echo hello ; echo there

I still see no way to get root directly via this hack.

Wayne
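
Added example, not part of the original message and not Lynx's code: the same copy done once through system(), where /bin/sh honors a semicolon inside the file name, and once through fork()/execvp(), where the name is a single argument and no shell parses it. The function names, the constructed file name and the harmless `touch marker` second statement are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern from the message: the name is pasted into a command line that
 * system() hands to /bin/sh -c, so a ';' in it ends the cp statement. */
int copy_with_system(const char *src, const char *dst)
{
    char cmd[1024];
    int n = snprintf(cmd, sizeof cmd, "cp %s %s", src, dst);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    return system(cmd);
}

/* Hardened form: no shell; each name is exactly one argv element. */
int copy_with_exec(const char *src, const char *dst)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
        execvp("cp", argv);
        _exit(127);                      /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Runs one copy in a fresh temp dir; 1 if a second statement executed. */
int second_command_ran(int (*copy)(const char *, const char *))
{
    char dir[] = "/tmp/semidemoXXXXXX";
    if (!mkdtemp(dir) || chdir(dir) != 0) return -1;
    FILE *f = fopen("src", "w");
    if (!f) return -1;
    fputs("data\n", f);
    fclose(f);
    copy("src", "dst ; touch marker");   /* constructed input */
    return access("marker", F_OK) == 0;
}

int main(void)
{
    printf("system(): %d\n", second_command_ran(copy_with_system));
    printf("execvp(): %d\n", second_command_ran(copy_with_exec));
    return 0;
}
```

With execvp() the whole string, semicolon included, becomes the destination file name, so nothing after the semicolon is ever interpreted as a command.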
