Path: utzoo!mnetor!uunet!husc6!purdue!umd5!mimsy!chris
From: chris@mimsy.UUCP (Chris Torek)
Newsgroups: comp.bugs.sys5
Subject: Re: A security hole (/bin/sh IFS)
Message-ID: <10649@mimsy.UUCP>
Date: 15 Mar 88 09:25:19 GMT
References: <181@wsccs.UUCP> <722@rivm05.UUCP> <478@minya.UUCP> <892@cosmo.UUCP> <7443@brl-smoke.ARPA>
Organization: U of Maryland, Dept. of Computer Science, Coll. Pk., MD 20742
Lines: 7

Incidentally, note that the 4.3BSD /bin/sh does not import IFS from
the environment (like Doug Gwyn's BRL sh), except that it does this
*only* if you are root or if geteuid()!=getuid().  (Making it an exception
for root/setuid is, I think, bogus.)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris