On Tue, Oct 21, 2003 at 03:40:48PM -0400, Mark Roach wrote: > On Tue, 2003-10-21 at 12:03, Bijan Soleymani wrote: > [...] > > For example imagine you make "cat" suid... > > > > Then someone can do: > > cat /bin/rm /bin/cat > > cat -rf / > > This would just output both /bin/rm and /bin/cat to your screen... > if you were to "cat /bin/rm > /bin/cat" you would get > mrroach@flmrroach:~$ cat /bin/rm > /bin/cat bash: /bin/cat: Permission > denied > > because piping is done by the shell, not cat. I'm not arguing that this > is not unsafe, just that your particular example is incorrect ;-) d'oh! Yes I realized that after I sent the message... Bijan -- Bijan Soleymani <bijan@psq.com> http://www.crasseux.com
Attachment:
signature.asc
Description: Digital signature