Date: Sun, 11 Feb 1996 15:22:21 -0800
From: Michael Constant <mconst@csua.berkeley.edu>
To: freebsd-security@freebsd.org
Subject: sliplogin hole?
Message-ID: <199602112322.PAA13282@zarquon.hip.berkeley.edu>

This applies to 2.1-RELEASE, which is what I'm running. Forgive me if it has been fixed in -current; I haven't seen anything on freebsd-security about it, though.

The sliplogin(8) manpage recommends using lines of the following form in /etc/sliphome/slip.hosts:

    Sfoo `hostname` foo netmask

The problem with this is that the `hostname` portion is passed directly to the shell, without any processing -- as root. This means J. Random Slip-User can create a script called ~/bin/hostname that does whatever he wants, and (as long as ~/bin is before /bin in his path) his script will be run as root the next time he types "sliplogin foo".

- Michael Constant
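
An added example, not part of the original message and not FreeBSD code: a small sh function that audits a slip.hosts-style file for the pattern described above. It flags backquoted commands written as bare names, which the shell resolves through PATH, and leaves those given as absolute paths alone. The function name `audit_slip_hosts` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag slip.hosts entries whose backquoted command is a bare
# name, i.e. one the shell would look up through the caller's PATH.

bq='`'   # literal backquote, kept in a variable so the patterns stay readable

# audit_slip_hosts FILE
# Prints "LINE:COMMAND" for each backquoted command that does not start
# with "/". Returns 1 if anything was flagged, 0 otherwise.
audit_slip_hosts() {
    lineno=0
    flagged=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in '#'*) continue ;; esac      # skip comment lines
        rest=$line
        while :; do
            case $rest in *"$bq"*"$bq"*) ;; *) break ;; esac
            rest=${rest#*"$bq"}                   # drop up to opening backquote
            cmd=${rest%%"$bq"*}                   # text inside the backquotes
            rest=${rest#*"$bq"}                   # continue after closing one
            cmd=${cmd#"${cmd%%[![:space:]]*}"}    # trim leading whitespace
            word=${cmd%%[[:space:]]*}             # first word = program name
            case $word in
                ''|/*) ;;                         # empty or absolute path
                *) printf '%s:%s\n' "$lineno" "$word"; flagged=1 ;;
            esac
        done
    done < "$1"
    return "$flagged"
}

# Constructed sample input (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# login  local-addr        remote-addr  mask
Sfoo     `hostname`        foo          netmask
Sbar     `/bin/hostname`   bar          netmask
Sbaz     192.0.2.1         baz          netmask
EOF

findings=$(audit_slip_hosts "$sample") || status=$?
printf 'flagged entries (line:command):\n%s\n' "$findings"
rm -f "$sample"
```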