From owner-freebsd-security  Mon Jan 17 19:24: 5 2000
Delivered-To: freebsd-security@freebsd.org
Received: from anarcat.dyndns.org (phobos.IRO.UMontreal.CA [132.204.20.20])
	by hub.freebsd.org (Postfix) with ESMTP id C53E114FDF
	for <freebsd-security@FreeBSD.ORG>; Mon, 17 Jan 2000 19:24:01 -0800 (PST)
	(envelope-from spidey@anarcat.dyndns.org)
Received: by anarcat.dyndns.org (Postfix, from userid 1000)
	id D2F031BEC; Mon, 17 Jan 2000 22:19:28 -0500 (EST)
From: Spidey <beaupran@iro.umontreal.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14467.56256.337327.619067@anarcat.dyndns.org>
Date: Mon, 17 Jan 2000 22:19:28 -0500 (EST)
To: Omachonu Ogali <oogali@intranova.net>
Cc: Alexander Langer <alex@big.endian.de>,
	Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG
Subject: Re: sh?
References: <20000117165325.C5975@cichlids.cichlids.com>
	<Pine.BSF.4.10.10001171427030.92711-100000@hydrant.intranova.net>
X-Mailer: VM 6.72 under 21.1 (patch 8) "Bryce Canyon" XEmacs Lucid
Reply-To: beaupran@iro.umontreal.ca
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

These exploits can generally be trivially modified to use another
shell.

And anyways, once sh is launched and it's not supposed to (read: root
shell), it's generally too late.. :))

The AnarCat

--- Big Brother told Omachonu Ogali to write, at 14:28 of January 17:
> On all systems.
> 
> Take a look at some shellcode in the most recent exploits, they either
> bind /bin/sh to a port via inetd or execute some program using /bin/sh.
> 
> Omachonu Ogali
> Intranova Networking Group
> 
> On Mon, 17 Jan 2000, Alexander Langer wrote:
> 
> > Thus spake Omachonu Ogali (oogali@intranova.net):
> > 
> > > Most of the exploits out there use /bin/sh to launch attacks.
> > 
> > On FreeBSD?
> > 
> > Alex
> > 
> > -- 
> > I doubt, therefore I might be. 
> > 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Si l'image donne l'illusion de savoir
C'est que l'adage pretend que pour croire,
L'important ne serait que de voir

Lofofora


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message