3 comments

[ 2.6 ms ] story [ 19.2 ms ] thread
Isn't this a nothing-burger? c_rehash does not run setuid root. Is there an example or threat of a practical exploit that I am overlooking here or is this just academic nitpicking?
“This script is distributed by some operating systems in a manner where it is automatically executed” — probably executed as root, right?
Then the bug is in the OS. Did you know that rm can destroy your system ?