When running a shell script, what's actually executed is the first line of
the script (after #!) + the name of the script.
If your script is named "-i", and in your path, just enter "-i", and
/bin/sh -i is executed which gives you an interactive shell.
There are probably half a dozen other ways to trick the shell into
executing arbitrary code that is not contained in the script (more if the
script actually does anything non-trivial, like e.g. an installer of some
sort). So instead of trying to fix them all (and most likely missing a
few), everybody just agreed that it was a terrible idea and removed the
feature.
On Sun, Aug 4, 2019 at 9:00 AM Noel Chiappa <jnc(a)mercury.lcs.mit.edu> wrote:
From: Alec Muffett
until someone realised that you could do:
ln -s /bin/scriptname ./-i
"-i" # assuming that "." is already in your path
...and get a root shell.
I'm clearly not very awake this morning, because I don't understand how
this works. Can you break it down a little? Thanks!
Noel
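The mechanism described in the reply above (the kernel runs the interpreter named on the #! line with the script's own name as an argument) is also what makes a setuid/setgid interpreted script an audit finding. The following Python is an added example, not code from the thread or its participants: it walks a directory tree and reports every setuid/setgid regular file that begins with "#!", together with the interpreter that line names. Paths and mode values used in the test are constructed. (Linux itself ignores the setuid bit on such scripts, which is the feature removal the message refers to; the bit is still worth flagging because it signals intent and other systems may honour it.)

```python
import os
import stat
from typing import Iterator, Optional, Tuple

PRIV_BITS = stat.S_ISUID | stat.S_ISGID


def shebang_interpreter(first_bytes: bytes) -> Optional[str]:
    """Return the interpreter path from a '#!' line, or None if the data
    does not start with a shebang (e.g. an ELF binary)."""
    if not first_bytes.startswith(b"#!"):
        return None
    line = first_bytes.split(b"\n", 1)[0][2:].strip()
    if not line:
        return None
    # The kernel passes only the first token (optionally one argument) to execve.
    return line.split()[0].decode("utf-8", "replace")


def is_privileged_script(mode: int, first_bytes: bytes) -> bool:
    """True when a regular file carries setuid or setgid AND starts with '#!'.

    `mode` is a full st_mode value (file type bits included), so the caller can
    feed either os.lstat() results or constructed values."""
    if not stat.S_ISREG(mode) or not (mode & PRIV_BITS):
        return False
    return shebang_interpreter(first_bytes) is not None


def find_privileged_scripts(root: str) -> Iterator[Tuple[str, str]]:
    """Yield (path, interpreter) for every setuid/setgid '#!' script under root."""
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: a symlink's own mode is irrelevant
                if not stat.S_ISREG(st.st_mode) or not (st.st_mode & PRIV_BITS):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(256)
            except OSError:
                continue  # unreadable or vanished; skip rather than abort the scan
            interp = shebang_interpreter(head)
            if interp is not None:
                yield path, interp


if __name__ == "__main__":
    import sys
    for found_path, found_interp in find_privileged_scripts(sys.argv[1] if len(sys.argv) > 1 else "/"):
        print(f"{found_path}: setuid/setgid script run by {found_interp}")
```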