"Jason M. Felice" <[EMAIL PROTECTED]> writes:
[...]
> Okay, that's probably the better solution, anyway. "whiptail" is
> command-line compatible?
Maybe not completely, but it's the same as far as xt5250 needs.
> I had to think about this for a second. Hmm, interesting. User 'badguy'
> symlinks /tmp/xt5250.45 => /home/goodguy/crontab, then 'goodguy' destroys
> his own file when running xt5250. This is what peer review is good for :)
After posting it, I came up with an even better exploit: A symlink from
/tmp/xt5250.54321 -> /home/goodguy/.rhosts. Now any developer on the
AS/400 you connect to can log in as `goodguy' after the AS/400's
hostname gets written to .rhosts, if rshd hasn't been disabled.
> 1>&3 ? What's 3? I thought only DOS had 3 stdxxx (the third being the PRN:
> printer). Hmm, I'll see if that works, if not, I'll see if there is a shell
> equivalent of tmpfile().
`exec 3>&1' does a dup2() to open a copy of FD 1 on FD 3. Then saying
1>&3 later reopens stdout on the old file descriptor, before $()
opened a pipe for the shell to read the result.
> I removed smacs, rmacs, and acsc entries from the terminfo entries just
> to fix this problem. I think both your solution and the current solution
> would have different maintenance issues. For example, we load a complete
> keymap with loadkeys, so we could possibly be using a different set of keys
> than the default terminfo for the linux console.
The console output is still the same after loadkeys though, so smacs,
etc. would still be correct. I've used only Debian for a while
though, so I don't know what other distributions do for console
mappings.
--
Carey Evans http://home.clear.net.nz/pages/c.evans/
CONFIG_IPL_RDR
Select this option if you want to IPL the image from a real card reader.
+---
| This is the LINUX5250 Mailing List!
+---
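
Added example, not part of the original message or of the xt5250 script: the `exec 3>&1` / `1>&3` capture described above, next to the naive capture and a mktemp-based fallback for the predictable /tmp/xt5250.<pid> name. `fake_dialog`, the function and variable names, and the host name are hypothetical stand-ins.

```shell
#!/bin/sh
# fake_dialog is a hypothetical stand-in for whiptail/dialog: like them it
# draws on stdout and reports the answer on stderr. Values are constructed.
fake_dialog() {
    printf 'UI: enter AS/400 host name\n'    # screen drawing -> stdout
    printf '%s' 'as400.example.com' >&2      # the answer -> stderr
}

# Naive capture: 2>&1 alone sends the drawing into the pipe as well.
ask_host_naive() {
    NAIVE=$(fake_dialog 2>&1)
}

# FD 3 capture, no temporary file at all.
ask_host() {
    exec 3>&1                        # FD 3 = copy of the real stdout
    HOST=$(fake_dialog 2>&1 1>&3)    # stderr -> $() pipe, stdout -> FD 3
    exec 3>&-                        # close the spare descriptor
}

# If a file is unavoidable: mktemp picks an unpredictable name and creates it
# exclusively, so a pre-planted /tmp/xt5250.<pid> symlink is never followed.
ask_host_tmpfile() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/xt5250.XXXXXX") || return 1
    fake_dialog 2>"$tmp"
    HOST_TMP=$(cat "$tmp")
    rm -f "$tmp"
}

ask_host_naive
ask_host
ask_host_tmpfile
printf 'naive capture:  %s\n' "$NAIVE"
printf 'fd 3 capture:   %s\n' "$HOST"
printf 'mktemp capture: %s\n' "$HOST_TMP"
```

The order of the redirections matters: `2>&1` must come before `1>&3`, so that stderr is pointed at the `$()` pipe before stdout is moved back to the terminal.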