when running a shell script, what's actually executed is the first line of
the script (after #!) + the name of the script.

If your script is named "-i", and in your path, just enter "-i", and
/bin/sh -i is executed which gives you an interactive shell.

There are probably half a dozen other ways to trick the shell into
executing arbitrary code that is not contained in the script (more if the
script actually does anything non-trivial, like e.g. an installer of some
sort). So instead of trying to fix them all (and most likely missing a
few), everybody just agreed that it was a terrible idea and removed the
feature.


On Sun, Aug 4, 2019 at 9:00 AM Noel Chiappa <jnc@mercury.lcs.mit.edu> wrote:

>     > From: Alec Muffett
>
>     > until someone realised that you could do:
>     >  ln -s /bin/scriptname ./-i
>     >  "-i" # assuming that "." is already in your path
>     > ...and get a root shell.
>
> I'm clearly not very awake this morning, because I don't understand how
> this
> works. Can you break it down a little? Thanks!
>
>        Noel
>
>