Date:      Wed, 11 Oct 2000 00:09:59 -0400 (EDT)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        "Brian F. Feldman" <green@FreeBSD.org>
Cc:        Peter Pentchev <roam@orbitel.bg>, achilov@granch.ru, Przemyslaw Frasunek <venglin@freebsd.lublin.pl>, freebsd-security@FreeBSD.org
Subject:   Re: ncurses buffer overflows (fwd) 
Message-ID:  <Pine.NEB.3.96L.1001011000711.28422E-100000@fledge.watson.org>
In-Reply-To: <200010110038.e9B0cH562984@green.dyndns.org>

On Tue, 10 Oct 2000, Brian F. Feldman wrote:

> > Uhm.. it explicitly says '#!/bin/csh' at the start; why are you running
> > it with 'sh'?
> 
> The canonical lazy person's execution method for scripts is "shell 
> script.shell", because it is easier than "chmod +x script.shell; ./
> script.shell".  C shell scripts are supposed to be named .csh for 
> consistency, or nothing at all.

We seem to have some bugs in how shells load and run shell scripts for
other shells, and in handling of scripts with invalid or bad #! lines at
the beginning.  I think I filed a PR a while ago about handling of scripts
in single-user mode in particular.  If you feel bored someday, you could
try and fix them :-).  The general gist is the following: shells
(especially when running in single-user mode for some reason) will tend to
execute shell scripts themselves, rather than using the interpreter
defined in the file (not in multi-user mode?).  When a failure occurs in
locating or executing the interpreter, or if interpreters are recursive,
rather than failing (as the kernel execve call does), it will go ahead and
execute it using the current shell.  Doubt this could be exploited as a
security bug, but it is probably "wrong".  The kernel seems to correctly
handle layered interpreters by returning an image error (an interpreter
cannot be another interpreter, preventing recursion).

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services
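
An added example, not part of the message above and not FreeBSD code: a POSIX sh probe that checks, for a given shell, whether a script the kernel cannot execute is refused or is run by the shell itself. The function name `probe_case`, the case names and the `MARKER` string are assumptions made for this example, and all script files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: how does a shell react when execve() cannot honour a
# script's "#!" line? probe_case and the case names are hypothetical.

# probe_case SHELL CASE -> prints "ran-by-shell" or "refused"
probe_case() {
    shell=$1 case_name=$2
    dir=$(mktemp -d) || return 1
    script=$dir/script
    case $case_name in
        no-shebang)          # no "#!" line: execve() fails with ENOEXEC
            printf 'echo MARKER\n' > "$script" ;;
        missing-interpreter) # "#!" names a path that does not exist
            printf '#!%s/no-such-interpreter\necho MARKER\n' "$dir" > "$script" ;;
        self-interpreter)    # the script names itself as its interpreter
            printf '#!%s\necho MARKER\n' "$script" > "$script" ;;
        *)  rm -rf "$dir"; return 2 ;;
    esac
    chmod +x "$script"
    # Ask the shell under test to run the file as an ordinary command.
    out=$("$shell" -c '"$1"' probe "$script" 2>/dev/null </dev/null) || :
    rm -rf "$dir"
    # No case has a usable interpreter, so MARKER in the output means
    # the shell under test interpreted the file itself.
    case $out in
        *MARKER*) echo ran-by-shell ;;
        *)        echo refused ;;
    esac
}

# Report all three cases for the shell given as $1 (default /bin/sh).
for c in no-shebang missing-interpreter self-interpreter; do
    printf '%-20s %s\n' "$c" "$(probe_case "${1:-/bin/sh}" "$c")"
done
```

The `no-shebang` result is expected to be `ran-by-shell`, since POSIX has the shell run the file itself after ENOEXEC; a `ran-by-shell` result for either of the other two cases is the fallback behaviour the message describes.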




