[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Email based attack on University

On Sat, Oct 05, 2019 at 12:14:28PM -0000, Curt wrote:
> On 2019-10-05, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:
> >
> >   # But we can bypass it with Jonathan's first method:
> >   tomas@trotzki:~$ /bin/sh bar/hello
> >   hello, world
> >
> I meant
>  bash -c "~/whatever"
> appears to be faulty (for one reason or another.

I see. Yes, it is "faulty" because "-c" means to bash "invoke the
following argument as a command", and this precisely fails... due
to noexec. Without the "-c" it just means "interpret that file as
(ba)sh source", which doesn't care about the file's executable status.

-- t

Attachment: signature.asc
Description: Digital signature

Reply to: