* [TUHS] "/bin/sh: the biggest Unix security loophole"
@ 2025-01-08 17:15 Douglas McIlroy
2025-01-08 20:58 ` [TUHS] " Warren Toomey via TUHS
0 siblings, 1 reply; 4+ messages in thread
From: Douglas McIlroy @ 2025-01-08 17:15 UTC (permalink / raw)
To: TUHS main list, chet.ramey
I have sent a scan of Jim Reeds's 1984 technical memorandum on Bourne-shell
security risks to Warren Toomey for posting in the TUHS archives.
Doug
* [TUHS] Re: "/bin/sh: the biggest Unix security loophole"
From: Warren Toomey via TUHS @ 2025-01-08 20:58 UTC (permalink / raw)
To: tuhs
On 9/1/25 03:15, Douglas McIlroy wrote:
> I have sent a scan of Jim Reeds's 1984 technical memorandum on
> Bourne-shell security risks to Warren Toomey for posting in the TUHS
> archives.
>
> Doug
It's now available at
https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf
Thanks Doug!
Cheers,
Warren
* [TUHS] Re: "/bin/sh: the biggest Unix security loophole"
From: Marc Rochkind @ 2025-01-08 21:57 UTC (permalink / raw)
To: Warren Toomey; +Cc: tuhs
Very interesting and readable paper! No way systems inferior to UNIX could
get into such glorious levels of trouble. ;-)
Marc
On Wed, Jan 8, 2025 at 1:58 PM Warren Toomey via TUHS <tuhs@tuhs.org> wrote:
> On 9/1/25 03:15, Douglas McIlroy wrote:
> > I have sent a scan of Jim Reeds's 1984 technical memorandum on
> > Bourne-shell security risks to Warren Toomey for posting in the TUHS
> > archives.
> >
> > Doug
>
> It's now available at
>
> https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf
>
> Thanks Doug!
>
> Cheers,
>
> Warren
>
>
--
Subscribe to my Photo-of-the-Week emails at my website mrochkind.com.
* [TUHS] Re: "/bin/sh: the biggest Unix security loophole"
From: Chet Ramey via TUHS @ 2025-01-15 14:51 UTC (permalink / raw)
To: tuhs
On 1/8/25 3:58 PM, Warren Toomey via TUHS wrote:
> On 9/1/25 03:15, Douglas McIlroy wrote:
>> I have sent a scan of Jim Reeds's 1984 technical memorandum on
>> Bourne-shell security risks to Warren Toomey for posting in the TUHS archives.
>>
>> Doug
>
> It's now available at
> https://www.tuhs.org/Archive/Documentation/TechReports/Bell_Labs/ReedsShellHoles.pdf
It's a great paper. I think the most interesting aspect is that the set
of loopholes Reeds concentrates on for the majority of the paper (Class 2)
aren't holes in the shell, per se. Except for the already-mentioned
behaviors of inheriting IFS from the environment and using it to split
all words, all of the weaknesses Reeds described are sloppy, but common,
programming practices in setuid programs. His conclusions are still
relevant.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/