Date:      Thu, 30 May 2002 07:10:50 -0500
From:      "Jacques A. Vidrine" <nectar@freebsd.org>
To:        cjclark@alum.mit.edu
Cc:        security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc
Message-ID:  <20020530121050.GB81267@madman.nectar.cc>
In-Reply-To: <20020529154113.D12700@blossom.cjclark.org>
References:  <200205291636.g4TGaZX40801@freefall.freebsd.org> <20020529133852.B12700@blossom.cjclark.org> <20020529210334.GA5544@madman.nectar.cc> <20020529154113.D12700@blossom.cjclark.org>

On Wed, May 29, 2002 at 03:41:13PM -0700, Crist J. Clark wrote:
> I guess I should have explained my concern more. I'm thinking some
> l33t kid out there is going to look at that and say, "I can just do,
> 
>   # echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc
> 
> And not have to worry about all of that /bin/sh stuff at the front..."
> and thus outsmart himself. He wouldn't realize you are counting on
> features of the echo builtin in sh(1) and not /bin/echo or the csh(1)
> echo builtin. The above commands don't work as desired for a
> non-sh(1)-ish shell.
> 
> I'm curious to see how many posts to the list might appear as people
> do just that.

The same logic could be applied to patches, with absurd results.

You are describing an administrator who knows just enough to be
dangerous.  We can't help him.

We aim to provide directions in advisories that are as cut-n-paste as
possible.

Cheers,
-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
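
An added example, not part of the message above or of the advisory: the ed(1) commands from the quoted text, generated with printf(1) so the result does not depend on which `echo` the shell provides, followed by a check that the edit took effect. The function names and the sample rc line are constructed for illustration, and the edit runs against a temporary file rather than `/etc/rc`.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the ed commands are the
# ones shown in the quoted message.

# Emit the ed script: one command per line, each newline-terminated.
# printf(1) formats the same way in sh, csh and as /usr/bin/printf.
ed_script() {
    printf '%s\n' '/.X11-unix/s/^/#/' 'w' 'q'
}

# Succeed only if the file has no uncommented line mentioning .X11-unix.
is_commented_out() {
    ! grep -v '^[[:space:]]*#' "$1" | grep -q '\.X11-unix'
}

# Apply the edit to the file named in $1, then confirm it took effect.
# Returns 0 on success, 1 if the edit failed or the line is still active,
# 2 if ed(1) is not installed.
comment_out_x11() {
    command -v ed >/dev/null 2>&1 || return 2
    ed_script | ed -s "$1" >/dev/null 2>&1 || return 1
    is_commented_out "$1"
}

# Demonstration on a constructed file (assumed sample content).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#!/bin/sh' 'rm -f /tmp/.X11-unix/*' 'exit 0' > "$tmp"
    rc=0
    comment_out_x11 "$tmp" || rc=$?
    cat "$tmp"
    rm -f "$tmp"
    return "$rc"
}

if [ "${1:-}" = demo ]; then
    demo
fi
```

Run with the argument `demo` to see the edited sample file; a return status of 1 means the line is still active and the workaround did not apply.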
