Security threat with the echo command

uma_mahesh_2005 · 04-06-2006, 06:24 AM

Is the following command show the password of the current user?
echo '82 43/25 43+65p80p82p73p76p32p70p79p79p76p10p' | dc

Gethyn · 04-06-2006, 06:57 AM

Doesn't seem to, no - at least not in Ubuntu.

kilgoretrout · 04-06-2006, 07:03 AM

dc is an old unix command line calculator; haven't seen that installed on any linux distro. The echo string is in the type of format that dc would accept as input. Since that is what is being piped into dc, it is, if anything, a security issue with dc, not echo. I can't test it since I don't have dc installed on any linux system but I seriously doubt it will give you the current user's password.

unSpawn · 04-06-2006, 07:08 AM

April Fools Day joke. The original post says if you run this as root it would give root password.
* Sure you run unknown stuff inside Qemu, right? With -loadvm the system's up from zero to cli in 3 secs...

nx5000 · 04-06-2006, 08:26 AM

Code:

debian:~/bin# echo '82 43/25 43+65p80p82p73p76p32p70p79p79p76p10p' | dc
65
80
82
73
76
32
70
79
79
76
10
debian:~/bin#
(still alive)

unSpawn · 04-06-2006, 08:38 AM

Yr sposed to do this as root account user. The OP just didnt post the full joke.

nx5000 · 04-06-2006, 08:45 AM

Yes it was as root,
but since then it has rebooted by itself,
pretty effective

lucktsm · 04-06-2006, 11:50 AM

Interesting. Scary, but interesting.

foreverursabhi · 05-04-2006, 06:14 AM

This produces an output - APRIL FOOL! Somebody please tell me how.