From owner-freebsd-security Wed Oct 11 13: 4: 3 2000 Delivered-To: freebsd-security@freebsd.org Received: from peak.mountin.net (peak.mountin.net [207.227.119.2]) by hub.freebsd.org (Postfix) with ESMTP id E0DCE37B502 for ; Wed, 11 Oct 2000 13:03:56 -0700 (PDT) Received: (from daemon@localhost) by peak.mountin.net (8.9.1/8.9.1) id PAA16750; Wed, 11 Oct 2000 15:03:51 -0500 (CDT) (envelope-from jeff-ml@mountin.net) Received: from dial-71.max1.wa.cyberlynk.net(207.227.118.71) by peak.mountin.net via smap (V1.3) id sma016748; Wed Oct 11 15:03:25 2000 Message-Id: <4.3.2.20001011145807.00b85580@207.227.119.2> X-Sender: jeff-ml@207.227.119.2 X-Mailer: QUALCOMM Windows Eudora Version 4.3 Date: Wed, 11 Oct 2000 15:03:30 -0500 To: Dragos Ruiu , Robert.Watson@peak.mountin.net From: "Jeffrey J. Mountin" Subject: Re: ncurses buffer overflows (fwd) Cc: freebsd-security@FreeBSD.ORG In-Reply-To: <0010102350400T.40602@smp.kyx.net> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 11:46 PM 10/10/00 -0700, Dragos Ruiu wrote: CC's trimmed >On Tue, 10 Oct 2000, Robert Watson wrote: > >The general gyst is the following: shells > > (especially when running in single-user mode for some reason) will tend to > > execute shell scripts themselves, rather than using the interpreter > > defined in the file (not in multi-user mode?). > >This behaviour seems to make sense for single user mode, >where you may have dropped down to with intent of repairing >things. Not all the partitions may be mounted and those >other shells may not be available.... Don't normally run shell scripts in single user mode, but all the system shells are in /bin and should be available. Always make to add ksh in there as well. The other day made a mistake and did a 'sh