Full Disclosure mailing list archives
Re: No shell => secure?
From: Vincent Archer <varcher () denyall com>
Date: Mon, 12 Jul 2004 09:35:48 +0200
On Fri, Jul 09, 2004 at 02:29:28PM -0500, Ron DuFresne wrote:
out that you will most likely end up with an unusable system. On a number of vender OS', if the sh shell of csh shell, hooked to root user and startup scripts is not the expected defaults, those OS's fail to function properly on and tween reboots.
What's worse, system() (which is used quite a bit, even if you're running zero shell scripts) usually execs /bin/sh -c "your_parameter" on most library implementations. Nuke /bin/sh, don't forget to rewrite your C library. -- Vincent ARCHER varcher () denyall com Tel : +33 (0)1 40 07 47 14 Fax : +33 (0)1 40 07 47 27 Deny All - 5, rue Scribe - 75009 Paris - France www.denyall.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- No shell => secure? Matthias Benkmann (Jul 08)
- Re: No shell => secure? hax (Jul 08)
- Re: No shell => secure? npguy (Jul 09)
- Re: No shell => secure? Kevin Ponds (Jul 09)
- Re: No shell => secure? Matthias Benkmann (Jul 09)
- Re: No shell => secure? Ron DuFresne (Jul 09)
- Re: No shell => secure? Barry Fitzgerald (Jul 09)
- Re: No shell => secure? Vincent Archer (Jul 12)
- Re: No shell => secure? daniel uriah clemens (Jul 09)
- Re: No shell => secure? npguy (Jul 09)
- Re: No shell => secure? hax (Jul 08)
- Re: No shell => secure? Nick FitzGerald (Jul 09)
- Re: No shell => secure? Ron DuFresne (Jul 09)
- Re: No shell => secure? Valdis . Kletnieks (Jul 09)
- Re: No shell => secure? Matthias Benkmann (Jul 09)
- Re: No shell => secure? Valdis . Kletnieks (Jul 09)
- Re: No shell => secure? hax (Jul 09)
- Re: No shell => secure? st3ng4h (Jul 09)
- Re: No shell => secure? hax (Jul 09)
- Re: No shell => secure? Matthias Benkmann (Jul 09)