We have accounts with a default shell of rksh. I've read that a user who can run a program that allows shell escapes or subshells within the program can get to an unrestricted shell. According to "Practical UNIX & Internet Security" by Garfinkel & Spafford, O'Reilly, page 231, the man command can be exploited this way.
I am concerned about this vulnerability, but I don't know enough about defeating rksh to demonstrate the problem to management.
Could someone tell me if my concern is warranted and how to prove my concerns are valid with an example of defeating rksh security?
Russell Zimmermann
EYT - Systems Analyst