Re: FreeBSD Security Advisory FreeBSD-SA-02:27.rc
From: Kris Kennaway (kris@obsecurity.org)
Date: 05/30/02
Date: Wed, 29 May 2002 16:54:32 -0700
From: Kris Kennaway <kris@obsecurity.org>
To: cjclark@alum.mit.edu
On Wed, May 29, 2002 at 03:41:13PM -0700, Crist J. Clark wrote:
> On Wed, May 29, 2002 at 04:03:34PM -0500, Jacques A. Vidrine wrote:
> > On Wed, May 29, 2002 at 01:38:52PM -0700, Crist J. Clark wrote:
> > > > /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc'
> > >
> > > Ick. How about,
> > >
> > > # /usr/bin/printf "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc
> > >
> > > Next time?
> >
> > *shrug* One could prescribe any number of alternatives to achieve the
> > modification. I chose this way, because /bin/sh and /bin/ed are both
> > statically linked and should always be available on all systems in
> > single user mode. It seems unlikely that this will be an issue for
> > anyone, but hey - you never know.
>
> I guess I should have explained my concern more. I'm thinking some
> l33t kid out there is going to look at that and say, "I can just do,
>
> # echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc
>
> And not have to worry about all of that /bin/sh stuff at the front..."
> and thus outsmart himself.
If people are too stupid^Welite to follow directions they deserve what
they get.
Kris