[5752] in bugtraq
Buggy /usr/bin shell scripts
daemon@ATHENA.MIT.EDU (obi@VIC20.DZP.SE)
Sat Dec 6 12:27:12 1997
Date: Sat, 6 Dec 1997 13:31:01 +0100
Reply-To: obi@VIC20.DZP.SE
From: obi@VIC20.DZP.SE
To: BUGTRAQ@NETSPACE.ORG
This is old news, but it seems to be around still.
Solaris 2.5.1 and 2.6:
$ ln -s /usr/bin/true /tmp/e
$ PATH=/tmp IFS=x /usr/bin/false
$ echo $?
0
This combined with the habit of giving non-login accounts /bin/false
as a shell feels dangerous.
Credits to Wilhelm Mueller for bringing it up in gnu.bash.bug in the
sense of a security-related bug.
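
Added example, not part of the original post: a defender's check for the situation the post describes, listing accounts in a passwd-format file whose login shell is an interpreted script (or anything else that is not a compiled binary). The function names, the ELF-platform assumption and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts whose login shell is not a compiled binary.
# Assumes an ELF platform (Solaris, Linux) and the 7-field passwd format.

# classify FILE -> prints "script", "elf", "missing" or "other"
classify() {
    [ -f "$1" ] || { echo missing; return; }
    # First four bytes as hex: 7f454c46 is the ELF magic, 2321 is "#!"
    magic=$(dd if="$1" bs=4 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    case $magic in
        2321*)    echo script ;;
        7f454c46) echo elf ;;
        *)        echo other ;;
    esac
}

# audit_shells PASSWD_FILE -> one "user:shell:kind" line per non-ELF shell
audit_shells() {
    while IFS=: read -r user x x x x x shell; do
        [ -n "$shell" ] || continue      # empty field means the default shell
        kind=$(classify "$shell")
        [ "$kind" = elf ] || echo "$user:$shell:$kind"
    done < "$1"
}

# Constructed sample data (not taken from a real system).
make_sample() {
    d=$(mktemp -d) || return 1
    printf '#!/usr/bin/sh\nexit 255\n' > "$d/false"   # script-style false
    printf '\177ELF\001\001\001' > "$d/ksh"           # stub with ELF magic only
    cat > "$d/passwd" <<EOF
root:x:0:0:Super-User:/:$d/ksh
uucp:x:5:5:uucp Admin:/usr/lib/uucp:$d/false
ftp:x:30000:30000:FTP:/home/ftp:$d/false
nobody:x:60001:60001:Nobody:/:
EOF
    echo "$d"
}

sample=$(make_sample) && audit_shells "$sample/passwd"
rm -rf "$sample"
```

On a real system, run audit_shells against /etc/passwd; any account reported as "script" has a login shell whose behaviour depends on the interpreter and the environment it inherits.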