Re: re: Unsafe SWISH calls from Perl

From: David Norris <dave(at)not-real.webaugur.com>
Date: Tue Sep 12 2000 - 16:18:06 GMT
Chris Humphries wrote:
> Are PCs susceptible to something like the shell-escape problem that UNIX has?

I would expect Windows NT/2000 might be susceptible as the shell is
supposedly POSIX compliant; the normal commands one might use are
different (more VMS-like), of course.  There is a Unix option for NT
that adds many common Unix tools including Korn Shell.  In either case
it's probably just as much an issue.  It's mostly trivial to find which
OS is on the system by examining TCP/IP sequences.  Windows practically
shouts its presence on TCP/IP.  One with intent could figure out easily
either by brute force or an educated guess.

The Win9x shell shouldn't have any issues.  It's almost useless with
direct access to a prompt.

-- 
,David Norris
  Dave's Web - http://www.webaugur.com/dave/
  Dave's Weather - http://www.webaugur.com/dave/wx
  ICQ Universal Internet Number - 412039
  E-Mail - dave@webaugur.com

"I would never belong to a club that would have me as a member!"
                                          - Groucho Marx
Received on Tue Sep 12 09:18:38 2000