Date: Wed, 23 Oct 1996 22:49:20 +0200 (MET DST)
From: J Wunsch <j@uriah.heep.sax.de>
To: marcs@worldgate.com (Marc Slemko)
Cc: freebsd-bugs@FreeBSD.org (FreeBSD bugs list)
Subject: Re: docs/1383
Message-ID: <199610232049.WAA27794@uriah.heep.sax.de>
In-Reply-To: <Pine.BSI.3.95.961023081114.6581B-100000@valis.worldgate.com> from Marc Slemko at "Oct 23, 96 08:18:28 am"

As Marc Slemko wrote:

> > There are not many risks with `interpreted executables' other than
> > the one described there.  This one however can easily be avoided by
> > suggesting
> >
> > #!/bin/sh
> > exec /usr/sbin/ppp -direct
> >
> > in the man page.
>
> Not true.  Doing so will NOT avoid the problem.

Ahhhrg.  I should have read the entire audit-trail before.  Now I see
that I've already looked at it earlier...

The shell should really have the equivalent of csh -f.  (sh -q?  Any
opinions on this?)

The only alternative by now to your attack is putting a ``kill 0'' on
top of /etc/shells. ;-)

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)