Date: Mon, 17 Jan 2000 14:41:29 -0500 From: Keith Stevenson <k.stevenson@louisville.edu> To: Omachonu Ogali <oogali@intranova.net>, freebsd-security@FreeBSD.ORG Subject: Re: sh? Message-ID: <20000117144129.B85360@osaka.louisville.edu> In-Reply-To: <Pine.BSF.4.10.10001171427030.92711-100000@hydrant.intranova.net> References: <20000117165325.C5975@cichlids.cichlids.com> <Pine.BSF.4.10.10001171427030.92711-100000@hydrant.intranova.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jan 17, 2000 at 02:28:07PM -0500, Omachonu Ogali wrote: > On all systems. > > Take a look at some shellcode in the most recent exploits, they either > bind /bin/sh to a port via inetd or execute some program using /bin/sh. So? $ uname -a Linux vhost 2.2.10 #7 SMP Fri Nov 5 14:00:24 EST 1999 i686 unknown $ ls -l /bin/sh lrwxrwxrwx 1 root root 4 Jul 1 1999 /bin/sh -> bash /bin/sh exists on Linux too. (Bash is a good enough clone that a bit of shell code will never know the difference.) $ uname -a AIX athena 3 4 00002F0E4C00 $ ls -l /bin/sh -r-xr-xr-x 4 bin bin 240326 Dec 02 17:27 /bin/sh Hey look. It's on AIX too. (I'll bet it exists on just about everything that calls itself Unix...) BTW, /bin/sh is required to exist by a host of standards. (IEEE Std1003.2 (``POSIX.2'') comes to mind) Can you please either explain _WHY_ this is a problem or drop the thread? Regards, --Keith Stevenson-- -- Keith Stevenson System Programmer - Data Center Services - University of Louisville k.stevenson@louisville.edu PGP key fingerprint = 4B 29 A8 95 A8 82 EA A2 29 CE 68 DE FC EE B6 A0 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000117144129.B85360>