[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] No shell => secure?

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] No shell => secure?
From: Vincent Archer <varcher@xxxxxxxxxxx>
Date: Mon, 12 Jul 2004 09:35:48 +0200

On Fri, Jul 09, 2004 at 02:29:28PM -0500, Ron DuFresne wrote:
> out that you will most likely end up with an unusable system.  On a number
> of vender OS', if the sh shell of csh shell, hooked to root user and
> startup scripts is not the expected defaults, those OS's fail to function
> properly on and tween reboots.

What's worse, system() (which is used quite a bit, even if you're running
zero shell scripts) usually execs /bin/sh -c "your_parameter" on most
library implementations. Nuke /bin/sh, don't forget to rewrite your
C library.

-- 
Vincent ARCHER
varcher@xxxxxxxxxxx

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] No shell => secure?
  - From: Matthias Benkmann
- Re: [Full-Disclosure] No shell => secure?
  - From: Ron DuFresne

Prev by Date: RE: [Full-Disclosure] iDEFENSE Security Advisory 07.12.04: Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability
Next by Date: Re: [Full-Disclosure] Firefox 0.92 DoS via TinyBMP & Thunderbird 0.72 & Outlook Express (latest Version)
Previous by thread: Re: [Full-Disclosure] No shell => secure?
Next by thread: Re: [Full-Disclosure] No shell => secure?
Index(es):
- Date
- Thread