Aucbonyx.204 net.2bsd-bugs utzoo!decvax!ucbvax!ARPAVAX:Onyx:jmrubin Wed Nov 25 15:18:47 1981 berknet security hole Nsh, the shell used by network, does not look for ";"'s in the string when it makes sure than the command is free. Thus, the command: net -m ROGUEVAX -l network "who > /dev/null ; forbidden blaah blech" works, where forbidden is a command ususally prohibited to network, but y be necessary to give the full path name of the forbidden command--depending on how network's $PATH compares to the average user's $PATH.) ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.