Date: Mon, 17 Jan 2000 14:39:53 -0500 (EST) From: scarr <scarr@ineocom.com> To: Omachonu Ogali <oogali@intranova.net> Cc: Alexander Langer <alex@big.endian.de>, Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG Subject: Re: sh? Message-ID: <Pine.BSF.4.10.10001171436120.7973-100000@aeon.ineocom.com> In-Reply-To: <Pine.BSF.4.10.10001171427030.92711-100000@hydrant.intranova.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I think this is mostly because /bin/sh is known to always be there, no matter what unix-like system you're using. I know when I'm writing a shell script that needs to be ultimately portable I use /bin/sh (as painful as it may be). If you're going to write a shell script in bash or ksh you're gambling on the fact that they system in question has it installed. Of course, there could be other factors. Does anyone know if sh is used for these types of things for any other reason than portability? On Mon, 17 Jan 2000, Omachonu Ogali wrote: > On all systems. > > Take a look at some shellcode in the most recent exploits, they either > bind /bin/sh to a port via inetd or execute some program using /bin/sh. > > Omachonu Ogali > Intranova Networking Group > > On Mon, 17 Jan 2000, Alexander Langer wrote: > > > Thus spake Omachonu Ogali (oogali@intranova.net): > > > > > Most of the exploits out there use /bin/sh to launch attacks. > > > > On FreeBSD? > > > > Alex > > > > -- > > I doubt, therefore I might be. > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001171436120.7973-100000>