Bugtraq mailing list archives
Re: procmail
From: okir () MONAD SWB DE (Olaf Kirch)
Date: Mon, 21 Jul 1997 18:11:36 +0200
On Mon, 21 Jul 1997 16:50:56 +0200, Casper Dik wrote:
> Shells will not honor meta characters inside variables. The shell will first parse (the phase in which meta characters and keywords are detected) and only then will it do variable substitution. Then it'll split stuff in words and only then wildcard expansion is done.
There's some weird effect with tcsh (I don't know if that's standard csh behavior). When your shell script does a `set foo=$1' and the first argument is "xx PATH=~ftp/incoming:/usr/bin:/bin" it will do two simultaneous variable assignments, and thus overwrite the PATH variable with the string the attacker specified.

Not sure if that qualifies as metacharacter expansion, but it's definitely scary :-)

Metamail had this problem, fwiw.

Olaf
--
Olaf Kirch         |  --- o --- Nous sommes du soleil we love when we play
okir () monad swb de |    / | \   sol.dhoop.naytheet.ah kin.ir.samse.qurax
For my PGP public key, finger okir () brewhq swb de.
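The two points in this exchange can be checked in a POSIX shell. The following is an added example, not part of the original message: it uses `env` (which, like csh `set`, accepts several name=value words) and a constructed argument, and it does not reproduce the tcsh behaviour itself.

```shell
#!/bin/sh
# Constructed input: ONE argument holding a space and a second name=value pair.
arg='xx PATH=/constructed/dir'

# Point 1 (parse first, substitute later): a ';' that arrives inside a
# variable is plain data. The unquoted expansion is split into words,
# but it is never re-parsed as shell syntax, so "echo INJECTED" never runs.
meta_is_data() {
    v='a; echo INJECTED'
    set -- $v          # words: "a;"  "echo"  "INJECTED"
    echo "$#"
}

# Point 2 (word splitting after substitution): unquoted, the single
# argument becomes two words, foo=xx and PATH=/constructed/dir, and env
# applies both before starting the child shell.
unquoted_path() {
    env foo=$1 /bin/sh -c 'printf %s "$PATH"'
}

# Quoted, the whole string stays one word: foo receives all of it and
# the child shell keeps the caller's PATH.
quoted_path() {
    env foo="$1" /bin/sh -c 'printf %s "$PATH"'
}

printf 'words from variable : %s\n' "$(meta_is_data)"
printf 'unquoted, child PATH: %s\n' "$(unquoted_path "$arg")"
printf 'quoted,   child PATH: %s\n' "$(quoted_path "$arg")"
```

Quoting every expansion of caller-supplied data (`"$1"` in sh) is what keeps one argument from turning into several.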