IBM AIX 3.2.5 - 'IFS' Local Privilege Escalation

source: https://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2 rmail gives egid=mail. Apr. 1994 Setup needed...