(tye)Re: Is this script safe?

Well, if you changed the .bash_rc file to contain "exec perl login.pl" so a quick CTRL-C didn't just give you a shell prompt (and several other changes), then you've narrowed down the easy ways to get around this to:

"!" in lynx gives you a shell!!
lynx can save files so they can overwrite login.pl or .admin!!
...OK, I'm bored now...

- tye (but my friends call me "Tye")

Comment on (tye)Re: Is this script safe?

Replies are listed 'Best First'.
Re: (tye)Re: Is this script safe? by mt2k (Hermit) on May 25, 2001 at 04:35 UTC
NOBODY COPY THAT SCRIPT PLEASE! VERY, VERY BAD SCRIPT. THANKS TO TYE, I SEE THAT THERE ARE SEVERAL WAYS TO FIGHT THAT SCRIPT, MAINLY A "!" in lynx and then a "rm -rf login.pl" in the shell that opens. THANKS TYE!	[reply]
Re: Re: (tye)Re: Is this script safe? by Anonymous Monk on May 25, 2001 at 05:02 UTC
Read the documentation for lynx, specifically the -restrictions part which allows you to disallow things such as executing a shell (lynx -restrictions=shell). There's also no reason why the person executing login.pl would need permission to delete it, so an rm -rf login.pl shouldn't be a concern.	[reply]
(tye)Re2: Is this script safe? by tye (Sage) on May 25, 2001 at 05:06 UTC
Actually, "rm -f login.pl" will work no matter the permissions in this specific case as mt2k will own the "login.pl" file (since he obviously isn't an admin on this system). - tye (but my friends call me "Tye")	[reply]