bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

rbash 2.05b security hole


From: Howard Atlas
Subject: rbash 2.05b security hole
Date: Thu, 14 Nov 2002 17:14:19 -0600 (CST)

rbash is not supposed to allow any commands that include a "/".  See below:


Display version of bash:
      piggy$ /bin/bash --version
      GNU bash, version 2.05b.0(1)-release (i686-pc-linux-gnu)
      Copyright (C) 2002 Free Software Foundation, Inc.
Show what shell we are using:
      piggy$ echo $0
      -rbash
Run a command using "/" in it?? not allowed in rbash??
      piggy$ /usr/bin/whoami
      piggy
Show what our path is:
      piggy$ echo $PATH
      /usr/restricted/bin
      piggy$






reply via email to

[Prev in Thread] Current Thread [Next in Thread]