mailing list archives
Re: No shell => secure?
From: Vincent Archer <varcher () denyall com>
Date: Mon, 12 Jul 2004 09:35:48 +0200
On Fri, Jul 09, 2004 at 02:29:28PM -0500, Ron DuFresne wrote:
out that you will most likely end up with an unusable system. On a number
of vender OS', if the sh shell of csh shell, hooked to root user and
startup scripts is not the expected defaults, those OS's fail to function
properly on and tween reboots.
What's worse, system() (which is used quite a bit, even if you're running
zero shell scripts) usually execs /bin/sh -c "your_parameter" on most
library implementations. Nuke /bin/sh, don't forget to rewrite your
varcher () denyall com
Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 5, rue Scribe - 75009 Paris - France
Full-Disclosure - We believe in it.