× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. LINUX5250
  3. January 2000

Re: 0.15.5 released

  • Subject: Re: 0.15.5 released
  • From: Carey Evans <c.evans@xxxxxxxxxxxx>
  • Date: 08 Jan 2000 15:06:13 +1300
  • User-Agent: Gnus/5.0803 (Gnus v5.8.3) XEmacs/21.1 (Bryce Canyon)
 
"Jason M. Felice" <jasonf@Baldwingroup.COM> writes:

[...]

> Okay, that's probably the better solution, anyway.  "whiptail" is
> command-line compatible?

Maybe not completely, but it's the same as far as xt5250 needs.

> I had to think about this for a second.  Hmm, interesting.  User 'badguy'
> symlinks /tmp/xt5250.45 => /home/goodguy/crontab, then 'goodguy' destroys
> his own file when running xt5250.  This is what peer review is good for :)

After posting it, I cam up with an even better exploit: A symlink from
/tmp/xt5250.54321 -> /home/goodguy/.rhosts.  Now any developer on the
AS/400 you connect to can log in as `goodguy' after the AS/400's
hostname gets written to .rhosts, if rshd hasn't been disabled.

> 1>&3 ?   What's 3?  I thought only DOS had 3 stdxxx (the third being the PRN:
> printer).  Hmm, I'll see if that works, if not, I'll see if there is a shell
> equivalent of tmpfile().

`exec 3>&1' does a dup2() to open a copy of FD 1 on FD 3.  Then saying
1>&3 later reopens stdout on the old file descriptor, before $()
opened a pipe for the shell to read the result.

> I removed smacs, rmacs, and acsc entries from the terminfo entries just
> to fix this problem.  I think both your solution and the current solution
> would have different maintenance issues.  For example, we load a complete
> keymap with loadkeys, so we could possible be using a different set of keys
> than the default terminfo for the linux console.

The console output is still the same after loadkeys though, so smacs,
etc. would still be correct.  I've used only Debian for a while
though, so I don't know what other distributions do for console
mappings.

-- 
         Carey Evans  http://home.clear.net.nz/pages/c.evans/

CONFIG_IPL_RDR
  Select this option if you want to IPL the image from a real card reader.
+---
| This is the LINUX5250 Mailing List!
| To submit a new message, send your mail to LINUX5250@midrange.com.
| To subscribe to this list send email to LINUX5250-SUB@midrange.com.
| To unsubscribe from this list send email to LINUX5250-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.