From owner-freebsd-security  Mon Jan 17 11:40: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from aeon.ineocom.com (station139.ispdeveloper.com [207.245.22.139])
	by hub.freebsd.org (Postfix) with ESMTP id E41E214D1B
	for <freebsd-security@FreeBSD.ORG>; Mon, 17 Jan 2000 11:39:52 -0800 (PST)
	(envelope-from scarr@ineocom.com)
Received: by aeon.ineocom.com (Postfix, from userid 1000)
	id 348C11F29; Mon, 17 Jan 2000 14:39:53 -0500 (EST)
Received: from localhost (localhost [127.0.0.1])
	by aeon.ineocom.com (Postfix) with ESMTP
	id 2FC329B36; Mon, 17 Jan 2000 14:39:53 -0500 (EST)
Date: Mon, 17 Jan 2000 14:39:53 -0500 (EST)
From: scarr <scarr@ineocom.com>
To: Omachonu Ogali <oogali@intranova.net>
Cc: Alexander Langer <alex@big.endian.de>,
	Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG
Subject: Re: sh?
In-Reply-To: <Pine.BSF.4.10.10001171427030.92711-100000@hydrant.intranova.net>
Message-ID: <Pine.BSF.4.10.10001171436120.7973-100000@aeon.ineocom.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


I think this is mostly because /bin/sh is known to always be there, no
matter what unix-like system you're using.  I know when I'm writing a
shell script that needs to be ultimately portable I use /bin/sh (as
painful as it may be).  If you're going to write a shell script in bash or
ksh you're gambling on the fact that they system in question has it
installed.  

Of course, there could be other factors.  Does anyone know if sh is used
for these types of things for any other reason than portability?

On Mon, 17 Jan 2000, Omachonu Ogali wrote:

> On all systems.
> 
> Take a look at some shellcode in the most recent exploits, they either
> bind /bin/sh to a port via inetd or execute some program using /bin/sh.
> 
> Omachonu Ogali
> Intranova Networking Group
> 
> On Mon, 17 Jan 2000, Alexander Langer wrote:
> 
> > Thus spake Omachonu Ogali (oogali@intranova.net):
> > 
> > > Most of the exploits out there use /bin/sh to launch attacks.
> > 
> > On FreeBSD?
> > 
> > Alex
> > 
> > -- 
> > I doubt, therefore I might be. 
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message