[16129] in bugtraq
Re: sperl 5.00503 (and newer ;) exploit
daemon@ATHENA.MIT.EDU (Joey Hess)
Tue Aug 8 03:23:31 2000
Mail-Followup-To: Joey Hess <joey@kitenet.net>, Olaf Kirch <okir@CALDERA.DE>,
BUGTRAQ@SECURITYFOCUS.COM, wakkerma@debian.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20000807153852.W19216@kitenet.net>
Date: Mon, 7 Aug 2000 15:38:52 -0700
Reply-To: Joey Hess <joey@KITENET.NET>
From: Joey Hess <joey@KITENET.NET>
X-To: Olaf Kirch <okir@CALDERA.DE>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000807123536.A9156@monad.swb.de>; from okir@CALDERA.DE on Mon,
Aug 07, 2000 at 12:35:36PM +0200

Olaf Kirch wrote:
> I'm sort of torn between whether to blame sperl for using mail rather
> than syslog, or for doing so without cleaning up the environment.
> Apart from the ~! expansion problem, there seems to be at least
> another one lurking which is that it'll try to load ~/.mailrc, and
> ~ is replaced with the value of $HOME.

... and you just have to set interactive in .mailrc. This works around
the patches I've seen for mailx that stop it from looking at the
environment for that variable.

Another fun one that doesn't require interactive be set at all is:

joey@kite:~>echo hi > foo
joey@kite:~>echo "please don't kill me" > important
joey@kite:~>record=/home/joey/important mail joey < foo
You have new mail.
joey@kite:~>cat important
please don't kill me
From joey Mon Aug 7 15:25:07 2000
To: joey
hi
--
see shy jo
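
A mitigation for the problem discussed in this thread, as an added example that is not part of the original message or of sperl: a privileged program builds a fresh environment for the mail helper rather than passing the caller's through, so variables such as record, interactive and a user-chosen HOME never reach it. The allowlist, the fixed PATH and HOME values, the function names and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allowlist: variables passed through from the invoking user. */
static const char *const ALLOWED[] = { "TZ", "LANG", NULL };
/* Assumed fixed values that replace whatever the invoking user supplied. */
static const char *const FIXED[] = { "PATH=/usr/bin:/bin", "HOME=/", NULL };
/* Constructed sample of a hostile caller environment, as in the message. */
static char *const SAMPLE_ENV[] = { "HOME=/home/joey",
    "record=/home/joey/important", "interactive=1", "TZ=UTC", NULL };

/* 1 if entry is NAME=value, NAME is allowlisted and value holds no '/'. */
static int entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED[i] != NULL; i++)
        if (strlen(ALLOWED[i]) == n && strncmp(entry, ALLOWED[i], n) == 0)
            return strchr(eq + 1, '/') == NULL;
    return 0;
}

/* Fill out[] with a NULL-terminated environment suitable for execve().
 * Returns the number of entries, or -1 if out[] (cap slots) is too small. */
int build_clean_env(char *const in[], const char *out[], size_t cap)
{
    size_t k = 0;
    for (size_t i = 0; FIXED[i] != NULL; i++) {
        if (k + 1 >= cap) return -1;
        out[k++] = FIXED[i];
    }
    for (size_t i = 0; in != NULL && in[i] != NULL; i++) {
        if (!entry_allowed(in[i])) continue;   /* drops record, HOME, ... */
        if (k + 1 >= cap) return -1;
        out[k++] = in[i];
    }
    out[k] = NULL;
    return (int)k;
}

/* 1 if env[] contains an entry for the variable called name. */
int env_has(const char *const env[], const char *name)
{
    size_t n = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, n) == 0 && env[i][n] == '=') return 1;
    return 0;
}
```

The resulting array is meant to be passed as the third argument of execve() when the helper is started, in place of the inherited environ.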