Many applications, services, and operating systems are built with a modular approach. Because of this, input provided by the user may pass through multiple modules, and what is accepted by one module may cause a problem within another. The classic example of this is the "PIPE passthrough" bug, which afflicts e-mail servers, FTP servers, web servers, scripting languages, and the like. For example, many Perl programs allow the user to input a filename, and then pass the filename to a program via a shell command. However, the shell may interpret characters differently than the Perl program does. In particular, if the user puts a PIPE character (|) in the file name, the shell will instead attempt to execute the rest of the "filename" as a program. The attacking user simply creates an interesting program that allows them to break into the system.
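
The module boundary described above, as an added example that is not part of the original page: the same "filename" is handed to a shell once as part of a command string and once as a single argument. The function names, the file `report.txt` and the input string are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo of the pipe passthrough: one module accepts a "filename",
# a second module (the shell) parses it as command syntax.

# VULNERABLE: the name is pasted into a string that sh re-parses, so a '|'
# in the name starts a pipeline and the rest runs as a command.
show_unsafe() {
    sh -c "cat $1" 2>/dev/null
}

# HARDENED: no second parse. The name reaches cat as one argv element;
# "--" stops a leading '-' from being read as an option.
show_safe() {
    cat -- "$1" 2>/dev/null
}

# Defence in depth: allowlist the characters a file name may contain.
is_safe_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'quarterly report\n' > "$dir/report.txt"
    name='report.txt | echo INJECTED'      # constructed hostile input
    ( cd "$dir" || exit 1
      printf 'unsafe: %s\n' "$(show_unsafe "$name")"
      printf 'safe:   %s\n' "$(show_safe "$name" || echo '<rejected: no such file>')"
      is_safe_name "$name" || echo 'allowlist: rejected' )
    rm -rf "$dir"
}
demo
```

The same fix applies in Perl: call `system` with a list of arguments rather than a single command string, so no shell parses the name.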