Home page logo

bugtraq logo Bugtraq mailing list archives

From: njs3 () DOC IC AC UK (Niall Smart)
Date: Tue, 2 Jun 1998 11:36:42 +0100

In my response to the patch posted for bash I stated that the same
functionality could be more easily achieved by removing the --noprofile
option and putting the equivalent commands in /etc/profile.  This claim
is completely bogus, as bash will only read /etc/profile when invoked
with *argv[0] == '-' or with the --login option.  Many thanks to the
innumerable people who reminded me of this.

This does not change the main point I was trying to make, namely that
getting around this "intrusion detection" technique is trivial.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]