[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Another IE trick (Re: IE sucks : sun java virtual machine insecure tmp file creation)
- From: "Eric Paynter" <eric@xxxxxxxxxxxxxxx>
- Date: Fri, 9 Jul 2004 22:12:04 -0700 (PDT)
On Fri, July 9, 2004 5:40 pm, Nick FitzGerald said:
> Somewhat oddly
> (perhaps -- this is Windows after all...) simply trying to invoke them
> from a shell commandline results in an "Access is denied" error (Win2K
> SP4 -- YMMV) yet using a command of the form:
>
> <script_interpreter> <script_filename>
>
> (e.g. "cscript test.js" or "perl test.pl") or simply entering the
> script's filename into the Start/Run applet or double-clicking the
> script in Explorer sees the script "execute" just fine.
I expect this is because it is the interpreter that is executing, not the
script. The script is just opened for read by the interpreter. This is the
same with Windows file associations: the target is passed as a parameter
to the interpreter. If you "sh /tmp/script.sh", and /tmp is noexec,
script.sh will still run. Even if you chmod 644 /tmp/script.sh you can run
it with "sh /tmp/script.sh"
-Eric
--
arctic bears - affordable email and name services @yourdomain.com
http://www.arcticbears.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html