lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: eric at arcticbears.com (Eric Paynter)
Subject: Another IE trick (Re: IE sucks : sun java 
     virtual machine insecure tmp file creation)

On Fri, July 9, 2004 5:40 pm, Nick FitzGerald said:
> Somewhat oddly
> (perhaps -- this is Windows after all...) simply trying to invoke them
> from a shell commandline results in an "Access is denied" error (Win2K
> SP4 -- YMMV) yet using a command of the form:
>
>    <script_interpreter> <script_filename>
>
> (e.g. "cscript test.js" or "perl test.pl") or simply entering the
> script's filename into the Start/Run applet or double-clicking the
> script in Explorer sees the script "execute" just fine.

I expect this is because it is the interpreter that is executing, not the
script. The script is just opened for read by the interpreter. This is the
same with Windows file associations: the target is passed as a parameter
to the interpreter. If you "sh /tmp/script.sh", and /tmp is noexec,
script.sh will still run. Even if you chmod 644 /tmp/script.sh you can run
it with "sh /tmp/script.sh"

-Eric

--
arctic bears - affordable email and name services @yourdomain.com
http://www.arcticbears.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ