Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: No shell => secure?
From: Vincent Archer <varcher () denyall com>
Date: Mon, 12 Jul 2004 09:35:48 +0200

On Fri, Jul 09, 2004 at 02:29:28PM -0500, Ron DuFresne wrote:
out that you will most likely end up with an unusable system.  On a number
of vender OS', if the sh shell of csh shell, hooked to root user and
startup scripts is not the expected defaults, those OS's fail to function
properly on and tween reboots.

What's worse, system() (which is used quite a bit, even if you're running
zero shell scripts) usually execs /bin/sh -c "your_parameter" on most
library implementations. Nuke /bin/sh, don't forget to rewrite your
C library.

-- 
Vincent ARCHER
varcher () denyall com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
www.denyall.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]