Tony Nugent said once upon a time (Thu, 30 Nov 2000):
> or something similar. I sometimes use /etc/hosts.deny to send me
> mail notifications with some denies, or have it logged into a file
> somewhere. See below for an example of this.
[snip]
> ALL: ALL : \
> spawn ( \
> /bin/echo -e "\n\
> TCP Wrappers\: Connection Refused\n\
> By\: $(uname -n)\n\
> Process\: %d (pid %p)\n\
> User\: %u\n\
> Host\: %c\n\
> Date\: $(date)\n\
> "| /bin/mail -s "Wrappers@$(uname -n)\: %d refused for %c" root ) &
Is there any sanity checking that takes place on %u or %c? The remote
user has control over those values. You are then putting those variables
on the command line. If those variables aren't thoroughly scrubbed, you
have a sure recipe for disaster.
It would be safer to use swatch against /var/log/secure.
Dax Kelson
Guru Labs
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list