Date: Mon, 17 Jan 2000 14:41:29 -0500
From: Keith Stevenson
To: Omachonu Ogali , freebsd-security@FreeBSD.ORG
Subject: Re: sh?
Message-ID: <20000117144129.B85360@osaka.louisville.edu>
References: <20000117165325.C5975@cichlids.cichlids.com>

On Mon, Jan 17, 2000 at 02:28:07PM -0500, Omachonu Ogali wrote:
> On all systems.
>
> Take a look at some shellcode in the most recent exploits, they either
> bind /bin/sh to a port via inetd or execute some program using /bin/sh.

So?

$ uname -a
Linux vhost 2.2.10 #7 SMP Fri Nov 5 14:00:24 EST 1999 i686 unknown
$ ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Jul 1 1999 /bin/sh -> bash

/bin/sh exists on Linux too. (Bash is a good enough clone that a bit of shell
code will never know the difference.)

$ uname -a
AIX athena 3 4 00002F0E4C00
$ ls -l /bin/sh
-r-xr-xr-x 4 bin bin 240326 Dec 02 17:27 /bin/sh

Hey look. It's on AIX too. (I'll bet it exists on just about everything that
calls itself Unix...)

BTW, /bin/sh is required to exist by a host of standards. (IEEE Std1003.2
(``POSIX.2'') comes to mind)

Can you please either explain _WHY_ this is a problem or drop the thread?

Regards,
--Keith Stevenson--

--
Keith Stevenson
System Programmer - Data Center Services - University of Louisville
k.stevenson@louisville.edu
PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0