"whois -h tools at xxx.net" ?
Dale S. Johnson
Mon Mar 27 23:21:31 CEST 1995
> Laurent Joncheray (lpj at merit.edu) on March 27:
> > Cool!... I'd really like to be able to do something like...
> >
> > whois -h whois.ra.net 'echo + > /etc/hosts.equiv'
> >
> > huh huh...
> > -- The Cracker
>
> You wish Mr. Cracker. The server will run these programs with uid
> other than root:-)

Yep; they can run as "nobody". They are also exec'd, with the parameters passed directly without globbing, rather than using "system" or eval.

Then again, if someone installs a link to /bin/sh on /usr/local/whois.bin, or installs a program there with a shell escape, Mr. Cracker can cover us all with cheeze-whiz.

(PS: Didn't you mean this:

% whois -h prdb.merit.edu 'aggis `echo * > /xz`'

?)

--Dale

-------- Logged at Tue Mar 28 14:03:22 MET DST 1995 ---------
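The difference between exec'ing a tool with its parameters passed directly and handing the query to "system", as an added example that is not part of the original message or the server's own code. The function names, MAX_ARGS and the lstat-based refusal of symlinks are assumptions of this example; /usr/local/whois.bin is the directory named in the message, assumed here to be writable only by the administrator.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/wait.h>

#define TOOL_DIR "/usr/local/whois.bin"  /* directory named in the message */
#define MAX_ARGS 16                      /* assumed limit for this example */

/* Split on whitespace only: backticks, '*' and '>' stay ordinary bytes. */
static int split_query(char *q, char *argv[MAX_ARGS + 1]) {
    int n = 0;
    for (char *t = strtok(q, " \t\r\n"); t && n < MAX_ARGS; t = strtok(NULL, " \t\r\n"))
        argv[n++] = t;
    argv[n] = NULL;
    return n;
}

/* Map a tool name to a path inside dir; 0 if acceptable, -1 if rejected. */
static int resolve_tool(const char *dir, const char *name, char *path, size_t len) {
    struct stat st;
    if (name[0] == '\0' || name[0] == '.' || strchr(name, '/')) return -1;
    if ((size_t)snprintf(path, len, "%s/%s", dir, name) >= len) return -1;
    if (lstat(path, &st) != 0) return -1;
    return S_ISREG(st.st_mode) ? 0 : -1;  /* a symlink to /bin/sh is refused */
}

/* Run the tool named by the first word; returns its exit status or -1. */
static int run_query(const char *dir, char *query) {
    char *argv[MAX_ARGS + 1], path[512]; int status;
    if (split_query(query, argv) == 0) return -1;
    if (resolve_tool(dir, argv[0], path, sizeof path) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        /* A real server would drop to the unprivileged uid here (setgid, setuid). */
        execv(path, argv);                /* no shell, no globbing, no eval */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char q[] = "aggis `echo * > /xz`";    /* query text taken from the PS above */
    printf("status=%d\n", run_query(TOOL_DIR, q));
    return 0;
}
```

The lstat check covers only the installed-link case from the message; a tool in the directory that itself offers a shell escape still has to be kept out by controlling what gets installed there.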