Date: Thu, 10 Sep 1998 16:22:30 -0500 (CDT) From: Aleph One <aleph1@dfw.net> To: Jared Mauch <jared@puck.nether.net> Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <Pine.SUN.4.01.9809101620060.13293-100000@dfw.nationwide.net> In-Reply-To: <19980910171918.E12040@puck.nether.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Sep 1998, Jared Mauch wrote: > > Whoa! If you dont know the contents of a file dont read it. If you dont > > read a file you dont know its contents. Thats some really useful > > suggestion. > > Silly rabbit, tricks are for kids. > > What you really need to do is using a modern file(1), or > more specifically file with a modern magic(5) file, you can determine > the best way to view it. Are you going to really use file(1) on every README file you find to try to determine if its dangerous? Will all your users to the same? What we need to fix is silly programs like xterm that process dangerous escape characters. > - jared > > -- > Jared Mauch | pgp key available via finger from jared@puck.nether.net > | http://puck.nether.net/~jared/ > Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.4.01.9809101620060.13293-100000>