Date: Tue, 10 Oct 2000 20:38:16 -0400 From: "Brian F. Feldman" <green@FreeBSD.org> To: Peter Pentchev <roam@orbitel.bg> Cc: achilov@granch.ru, Przemyslaw Frasunek <venglin@freebsd.lublin.pl>, freebsd-security@FreeBSD.org Subject: Re: ncurses buffer overflows (fwd) Message-ID: <200010110038.e9B0cH562984@green.dyndns.org> In-Reply-To: Message from Peter Pentchev <roam@orbitel.bg> of "Wed, 11 Oct 2000 03:02:34 %2B0300." <20001011030234.B28063@ringwraith.office1.bg>
next in thread | previous in thread | raw e-mail | index | archive | help
Peter Pentchev <roam@orbitel.bg> wrote: > On Tue, Oct 10, 2000 at 09:50:28PM +0700, Rashid N. Achilov wrote: > > Przemyslaw Frasunek wrote: > > > > > > On Tue, Oct 10, 2000 at 07:02:30AM -0700, Cy Schubert - ITSD Open Systems Group wrote: > > > > For those of you who don't subscribe to BUGTRAQ, here's a heads up. > > > > > > And the exploit (in attachment). > > > > > > > Press any key to continue...sentry:[shelton] 150>sh systat.sh > > setenv: not found > > systat.sh: 69: Syntax error: Bad fd number > > Press any key to continue... > > Uhm.. it explicitly says '#!/bin/csh' at the start; why are you running > it with 'sh'? The canonical lazy person's execution method for scripts is "shell script.shell", because it is easier than "chmod +x script.shell; ./ script.shell". C shell scripts are supposed to be named .csh for consistency, or nothing at all. -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200010110038.e9B0cH562984>