On Sun, Mar 7, 2010 at 12:57, Ignace Mouzannar wrote:
> I have just uploaded the new version of lshell (0.9.9) on m.d.n.
As a minor bug was filled on the 0.9.9 version of lshell [1] , I have
released a new version (0.9.10) correcting it.
The new package has been uploaded on m.d.n [2].
Sorry for
tags 572144 + pending
thanks
On Tue, Mar 2, 2010 at 13:08, Maximiliano Curia wrote:
> Hola Ignace Mouzannar!
Bonjour Maximiliano,
> El 01/03/2010 a las 23:42 escribiste:
>> Hello Piotr,
>>
>> On Mon, Mar 1, 2010 at 22:11, Piotr Minkina wrote:
>> > In example I can run "echo $(/bin/sh)" or "ech
Hola Ignace Mouzannar!
El 01/03/2010 a las 23:42 escribiste:
> Hello Piotr,
>
> On Mon, Mar 1, 2010 at 22:11, Piotr Minkina wrote:
> > In example I can run "echo $(/bin/sh)" or "echo $(/bin/su)", or every other
> > command.
>
> Thank you for reporting this. You are absolutely right that the
>
Hello Piotr,
On Mon, Mar 1, 2010 at 22:11, Piotr Minkina wrote:
> In example I can run "echo $(/bin/sh)" or "echo $(/bin/su)", or every other
> command.
Thank you for reporting this. You are absolutely right that the
default configuration of lshell permits this, and it should not.
I have alrea
Package: lshell
Version: 0.9.8-1
Severity: grave
Tags: security
Justification: user security hole
In example I can run "echo $(/bin/sh)" or "echo $(/bin/su)", or every other
command.
Best Regards,
Piotr
PS: Sorry for my English.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
5 matches
Mail list logo
