Home page logo

bugtraq logo Bugtraq mailing list archives

Re: BoS: tee see shell problems
From: travis () EvTech com (Travis Hassloch x231)
Date: Mon, 16 Sep 1996 14:29:53 -0500

In message <Pine.LNX.3.94.960913223432.23513A-100000 () primeline net> you write:
I just tested a variation of this exploit with bash 1.14.6(1)
running on Linux 2.0.13.  By using my variation I managed to become root.

Funny, I couldn't get it to work on Solaris:

bash$ bash -version
GNU bash, version 1.14.5(1)
bash$ ls -la
total 12
drwx------  2 travis         60 Sep 16 14:20 .
drwxrwxrwx  5 root          949 Sep 16 14:20 ..
-rwx------  1 travis         61 Sep 16 14:23 .WaReZ
bash$ cat .WaReZ
echo Im a lamer, lookatmee whohoo
touch /tmp/bar
echo u loze
bash$ pwd
/tmp/`source .WaReZ'
bash$ cd ..
bash$ cd *W*
bash$ ls -la /tmp/bar
/tmp/bar not found
bash$ pwd
/tmp/`source .WaReZ'

# to prove that it really works:
bash$ source .WaReZ
Im a lamer, lookatmee whohoo
u loze

Am I missing something here?
I also tried simpler names like /tmp/`echo hi` - again, didn't work.

  By Date           By Thread  

Current thread:
  • Re: BoS: tee see shell problems Travis Hassloch x231 (Sep 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]