[19781] in bugtraq
Re: Multiple vendors FTP denial of service
daemon@ATHENA.MIT.EDU (peterw@usa.net)
Thu Mar 22 16:51:08 2001
Message-ID: <200103212046.PAA07668@rcn.com>
Date: Wed, 21 Mar 2001 15:46:56 -0500
Reply-To: peterw@usa.net
From: peterw@usa.net
X-To: Stefan Laudat <stefan@WORLDBANK.RO>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20010321005503.C10841@worldbank.ro>

At Wed, 21 Mar 2001 00:55:03 +0200, Stefan Laudat <stefan@WORLDBANK.RO> wrote:

>.... and as a quick fix for nasty shell users having bash prompts on your machine, just
>enter 'set -f' in the /etc/profile.

...which users can override with 'set +f'

>Of course, until we will get a fixed bash or
>a fixed libc(?).

Oh, please. Then the user writes/gets an app that abuses the system
in another way. As another reader mentioned, for shells this is a resource
limit problem, and attacking /bin/sh is the *wrong* way to "fix" the
local exploit concerns.

-Peter
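
The contrast drawn in this reply, as an added example that is not part of the original message: a shell option set in /etc/profile is undone by the user, while a lowered hard resource limit is enforced by the kernel. The function names, the temporary files and the choice of the CPU-time limit (`ulimit -t`) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; function names and sample files are constructed.

# Simulate a login shell whose /etc/profile ran 'set -f', then let the
# "user" run 'set +f' and check whether globbing works again.
noglob_overridable() {
    dir=$(mktemp -d) || return 1
    touch "$dir/a.txt" "$dir/b.txt"
    out=$(cd "$dir" && sh -c '
        set -f                # what /etc/profile would do
        before=$(echo *)      # stays a literal star
        set +f                # what any user can type
        after=$(echo *)       # expands to the file names again
        echo "$before|$after"
    ')
    rm -rf "$dir"
    case $out in
        "*|a.txt b.txt") echo overridable ;;
        *)               echo locked ;;
    esac
}

# Lower the CPU-time limit inside a subshell (standing in for a limit the
# administrator applied before the user got control), then try to raise
# the hard limit back to its previous value.
hard_limit_raisable() {
    (
        cur=$(ulimit -H -t)
        case $cur in
            unlimited) low=60 ;;
            *)         low=$((cur - 1)) ;;
        esac
        # Without -H or -S, ulimit sets both the soft and the hard limit.
        ulimit -t "$low" 2>/dev/null || { echo unsupported; exit 0; }
        if ulimit -H -t "$cur" 2>/dev/null; then
            echo raised       # only expected for a privileged process
        else
            echo denied       # unprivileged processes can only lower it
        fi
    )
}

echo "set -f from profile: $(noglob_overridable)"
echo "raising a lowered hard limit: $(hard_limit_raisable)"
```

Run as an unprivileged user this reports `overridable` and `denied`; a process with the privilege to raise limits (typically root) reports `raised` for the second check.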