Full Disclosure mailing list archives

Re: No shell => secure?

From: Vincent Archer <varcher () denyall com>
Date: Mon, 12 Jul 2004 09:35:48 +0200

On Fri, Jul 09, 2004 at 02:29:28PM -0500, Ron DuFresne wrote:

out that you will most likely end up with an unusable system.  On a number
of vender OS', if the sh shell of csh shell, hooked to root user and
startup scripts is not the expected defaults, those OS's fail to function
properly on and tween reboots.


What's worse, system() (which is used quite a bit, even if you're running
zero shell scripts) usually execs /bin/sh -c "your_parameter" on most
library implementations. Nuke /bin/sh, don't forget to rewrite your
C library.

-- 
Vincent ARCHER
varcher () denyall com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

No shell => secure? Matthias Benkmann (Jul 08)
- Re: No shell => secure? hax (Jul 08)
  - Re: No shell => secure? npguy (Jul 09)
    - Re: No shell => secure? Kevin Ponds (Jul 09)
  - Re: No shell => secure? Matthias Benkmann (Jul 09)
    - Re: No shell => secure? Ron DuFresne (Jul 09)
    - Re: No shell => secure? Barry Fitzgerald (Jul 09)
    - Re: No shell => secure? Vincent Archer (Jul 12)
    - Re: No shell => secure? daniel uriah clemens (Jul 09)
- Re: No shell => secure? Nick FitzGerald (Jul 09)
- Re: No shell => secure? Ron DuFresne (Jul 09)
- Re: No shell => secure? Valdis . Kletnieks (Jul 09)
- Re: No shell => secure? Matthias Benkmann (Jul 09)
  - Re: No shell => secure? Valdis . Kletnieks (Jul 09)
  - Re: No shell => secure? hax (Jul 09)
  - Re: No shell => secure? st3ng4h (Jul 09)
    - Re: No shell => secure? hax (Jul 09)
- Re: No shell => secure? Matthias Benkmann (Jul 09)

(Thread continues...)