Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Jan Schaumann (jschauma@mstdn.social)'s status on Thursday, 09-Jan-2025 08:34:10 JST Jan Schaumann

"/bin/sh: the biggest #UNIX security loophole", by James A. Reeds, 1984
https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf
All the tried and true ways to escalate privileges, including your common shell-out of setuid programs, PATH games, etc. with the conclusion we still see people having to learn repeatedly:
In conversation about a year ago from mstdn.social permalink
Attachments
1. Further, they should not execute any program whose name does not begin with a slash. In al cases they should check their arguments very carefully. They should not cal any of these dangerous subroutines: execip execvp popen system The last two of these can (as we saw above) can involve execution of extra shels not intended by the programmer. Each cal to any of the above, or ot any other form of exec should be preceded by a setuid(getuid()) if at all possible.
  https://media.mstdn.social/media_attachments/files/113/794/849/555/105/152/original/c1cbe61ac02770a7.png
- Haelwenn /элвэн/ :triskell: likes this.
- Embed this notice
  sirjofri@mastodon.sdf.org's status on Thursday, 09-Jan-2025 08:34:37 JST sirjofri
  in reply to
  
  @jschauma sh even has a weird syntax, especially if compared to rc.
  Funny story: I recently wrote a few imagemagick scripts. All sources complain about quoting and escaping. I had no issues like that with rc!
  
  In conversation about a year ago permalink
  
  Haelwenn /элвэн/ :triskell: likes this.

Public

Conversation

Notices

Feeds