Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc

From: Crist J. Clark (crist.clark@attbi.com)
Date: 05/30/02 

Date: Wed, 29 May 2002 15:41:13 -0700
From: "Crist J. Clark" <crist.clark@attbi.com>
To: "Jacques A. Vidrine" <nectar@freebsd.org>

On Wed, May 29, 2002 at 04:03:34PM -0500, Jacques A. Vidrine wrote:
> On Wed, May 29, 2002 at 01:38:52PM -0700, Crist J. Clark wrote:
> > > /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc'
> >
> > Ick. How about,
> >
> > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc
> >
> > Next time?
>
> *shrug* One could prescribe any number of alternatives to achieve the
> modification. I chose this way, because /bin/sh and /bin/ed are both
> statically linked and should always be available on all systems in
> single user mode. It seems unlikely that this will be an issue for
> anyone, but hey - you never know.

I guess I should have explained my concern more. I'm thinking some
l33t kid out there is going to look at that and say, "I can just do,

  # echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc

And not have to worry about all of that /bin/sh stuff at the front..."
and thus outsmart himself. He wouldn't realize you are counting on
features of the echo builtin in sh(1) and not /bin/echo or the csh(1)
echo builtin. The above commands don't work as desired for a
non-sh(1)-ish shell.

I'm curious to see how many posts to the list might appear as people
do just that. 

-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message