Date: Thu, 10 Sep 1998 15:01:32 -0500 (CDT) From: Aleph One <aleph1@dfw.net> To: "Jordan K. Hubbard" <jkh@time.cdrom.com> Cc: Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <Pine.SUN.4.01.9809101458470.13293-100000@dfw.nationwide.net> In-Reply-To: <17574.905449550@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Sep 1998, Jordan K. Hubbard wrote: > The problem is that Jay's message didn't actually have a point. :) > > Rather, it described a symtom common to most VT100 compliant terminal > emulators and something very clearly under the "well don't DO that then" > category. It's nothing new at all and if you're not sure of the > contents of a file, don't just blindly cat it to your screen. The > same goes for any binary I might hand you - if I put up a file on > an FTP site called ``megaspacewar.exe'' and you go and run it on your > Windows box and it trojans you to death (or worse), who's fault is > that? :-) Same basic issue. Whoa! If you dont know the contents of a file dont read it. If you dont read a file you dont know its contents. Thats some really useful suggestion. How about something more practical? Like being able to turn off this "feature". > - Jordan Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.4.01.9809101458470.13293-100000>