[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shared root account

On Sat, Jul 07, 2001 at 03:16:39AM -0800, Ethan Benson wrote:
> > alias /bin/su='/var/tmp/hax0rSu'
> i would consider this a bug in the shell. 

I disagree; from the Bash man page:

       The  alias name and the replacement text may con-
       tain any valid shell input, including  the  metacharacters
       listed  above,  with the exception that the alias name may
       not contain =.

You could still say maybe it's a policy bug to allow this (and I would
continue to disagree); but bug or not, beware - at least bash 2.03 and
2.05, and ash in potato work this way.  So do pdksh (/bin/sh) on OpenBSD
and /bin/sh (which is the same as our 'ash') on NetBSD.

This also works for functions in bash.

Reply to: