Looking back at old vulnerabilities can be both fun and useful. Part history, part nostalgia, and still a healthy dose of understanding the technical inner workings of some software or system. I'm sure that George Santayana would agree. I had planned to go into detail about a bygone vulnerability I found a long time ago in Oracle Reports, but for now this is just a teaser.
Thursday, May 27, 2021
Friday, May 21, 2021
Stupid Unix Tricks - Escaping a Restricted Shell
Welcome to the first post of what may become a series - Stupid Unix Tricks.
I love stupid Unix tricks. Even better if they can be used for something security-related. This remains one of my favorite security advisories ever. So it shouldn't be a surprise that I really enjoy security assessments that involve breaking out of a restricted shell. They're a lot of fun, and restricted shells are extremely hard to get right in terms of security and prevention. (I feel the same about kiosk escapes too, but that's a topic for another time.)