Re: shell script cgi (summary?)

> Thanks to everyone who replied regarding my attempts

I don't know what bad vibes you're getting here. You call it 'suprisingly resilient' and 'not nearly as bad' as you thought. But the fact is it's acting exactly the way it should and is in no way exploitable. It's not just "not nearly as bad" - it's rock solid.

This doesn't mean it's pretty or elegant, but it's the only real way to do it in shell. Yes, we could easily write better versions if this were in Perl or C, avoiding any external system() like calls. But this simply works fine.

> The $ua variable is not ever used again so there's no

This is the crucial point though. The line above cannot be exploited. But if $ua were used somewhere else, the result of the line above may be abused in later uses of the variable.

> .. it's a very useless

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I will go so far as to say that the "ua=..." assignment above *cannot* and will not every be exploitable on a Bourne shell variant that acts properly and isn't broken itself. This isn't an issue of timeline. You can't break that line of shell.

--
Brian Hatch                  #define QUESTION \
   Systems and                  ((bb) || !(bb))
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed