From owner-freebsd-security  Mon Jan 17 22:47: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP id A804115093
	for <freebsd-security@FreeBSD.ORG>; Mon, 17 Jan 2000 22:47:00 -0800 (PST)
	(envelope-from jwyatt@rwsystems.net)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1219 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m12ASP0-000CCZC@bsdie.rwsystems.net>
	for <freebsd-security@FreeBSD.ORG>; Tue, 18 Jan 2000 00:46:06 -0600 (CST)
	(Smail-3.2.0.106 1999-Mar-31 #1 built 1999-Aug-7)
Date: Tue, 18 Jan 2000 00:46:05 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Keith Stevenson <k.stevenson@louisville.edu>
Cc: Omachonu Ogali <oogali@intranova.net>,
	freebsd-security@FreeBSD.ORG
Subject: Re: sh?
In-Reply-To: <20000117144129.B85360@osaka.louisville.edu>
Message-ID: <Pine.BSF.4.10.10001180041560.95375-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 17 Jan 2000, Keith Stevenson wrote:
> On Mon, Jan 17, 2000 at 02:28:07PM -0500, Omachonu Ogali wrote:
> > On all systems.
> > 
> > Take a look at some shellcode in the most recent exploits, they either
> > bind /bin/sh to a port via inetd or execute some program using /bin/sh.
> 
> So?
	[ ... ]
> $ uname -a
> AIX athena 3 4 00002F0E4C00
> 
> $ ls -l /bin/sh
> -r-xr-xr-x   4 bin      bin       240326 Dec 02 17:27 /bin/sh

Of course, on AIX it is really /usr/bin/ksh (as is /bin/{tsh,psh}) and you
can use some ksh grammar in it. It ignores some ksh stuff, though - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message