Full Disclosure mailing list archives
Re: SSH Exploit Request
From: Valdis.Kletnieks () vt edu
Date: Sat, 15 Nov 2003 10:44:50 -0500
On Fri, 14 Nov 2003 22:21:30 PST, Jeremiah Cornelius said:
> Solaris ('til v 7, at least) keeps a Berkeley-syntax shutdown in /usr/ucb/bin/

Remember what I said about "what happens if you set your root login shell to be /usr/local/bin/glitzy-shell?". Well, I've got a nice story about Solaris and /usr/ucb.

I'm one of the gang of unindicted co-conspirators who are to blame for the Center for Internet Security benchmarks. One of the things the Solaris benchmark includes is cut-and-paste code to implement each recommendation.

So anyhow, we get feedback from one site, complaining that some of their configuration files now have literal backslash tee backslash tee backslash tee where there should be a sequence of 3 tabs. I finally tracked that one down to the fact that the Solaris shell 'echo' builtin actually *checks* $PATH to see if /usr/ucb is in it, and if so, if it's before or after /usr/bin, and then emulates a SysV or BSD echo. And the BSD echo doesn't handle escape sequences the same way..... Whoops. We got to go through and replace all the echo's with printf's.

Yes, a bug in our code. However, one totally unexpected, even by any of the large number of Solaris experts, and it didn't crop up on the first several hundred or thousand boxes it was tested on.... And *that* sort of bug is the one that answers the question "How could patching XYZ *possibly* take down a server?".....
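The failure mode described in the message above, as an added example that is not part of the original post or of the CIS benchmark: the two echo behaviours are emulated with `printf '%b'` and `printf '%s'` (an assumption made so the result is the same in any POSIX shell), next to the printf form that always writes real tabs and a check for already-damaged files. All function names and the sample line are hypothetical.

```shell
#!/bin/sh
# Constructed demo: function names and the sample line are hypothetical.

# SysV-style echo (emulated): backslash escapes in the argument are expanded.
sysv_echo() { printf '%b\n' "$1"; }

# BSD-style echo (emulated): the argument is written out unchanged.
bsd_echo() { printf '%s\n' "$1"; }

# Portable replacement: the escapes sit in the printf format string, which is
# interpreted the same way everywhere; the data is passed through %s.
write_entry() { printf '%s\t\t\t%s\n' "$1" "$2"; }

# Number of real tab characters read from stdin.
count_tabs() { printf '%d\n' "$(( $(tr -cd '\t' | wc -c) ))"; }

# Number of lines in file $1 holding a literal backslash-t pair, the
# symptom reported in the damaged configuration files.
count_literal_escapes() { grep -cF '\t' "$1" || true; }

demo() {
    tmp=$(mktemp) || return 1
    line='option\t\t\tvalue'            # constructed sample config line
    sysv_echo "$line"         >  "$tmp" # three real tabs
    bsd_echo  "$line"         >> "$tmp" # literal \t\t\t
    write_entry option value  >> "$tmp" # three real tabs, on any system
    printf 'lines with literal \\t: %s\n' "$(count_literal_escapes "$tmp")"
    rm -f "$tmp"
}
demo
```

Running `count_literal_escapes` over files a hardening script has just rewritten flags this kind of damage before a service is restarted on them.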