Date: Thu, 10 Sep 1998 22:21:04 +0000
From: Niall Smart <rotel@indigo.ie>
To: Studded <Studded@dal.net>, Michael Richards <026809r@dragon.acadiau.ca>
Cc: security@FreeBSD.ORG
Subject: Re: cat exploit
Message-ID: <199809102121.WAA01790@indigo.ie>
In-Reply-To: <35F818CA.8647A116@dal.net>; Studded <Studded@dal.net>

On Sep 10, 11:22am, Studded wrote:
} Subject: Re: cat exploit
> Michael Richards wrote:
> >
> > Hi.
> >
> > Is it just me or did everyone miss the point of Jay's message?
>
> It seems to me that a lot of people missed the point of one of the
> warnings that someone else posted in response actually. Don't use cat
> routinely to view files. Use more, or better yet less since less doesn't
> view binary files by default.

The "well don't do that then" response is not the correct solution
to this problem. The issue is that the terminal emulator doesn't
have an option to disable the features which are dangerous (which
should be disabled by default). This is a subtle attack which can
be prevented against in this way with far greater effectiveness than
relying on the administrator/user to understand and remember the
potential for exploitation present in seemingly innocuous actions.

Perhaps someone will now be prompted to make the necessary changes. :)

Niall

--
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809102121.WAA01790>
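
The thread contrasts viewers that pass raw bytes to the terminal with ones that do not. As an added illustration (not part of the message above or of any FreeBSD source), this sketch renders control bytes in the caret/meta notation used by `cat -v`, so nothing in an untrusted file reaches the terminal's escape-sequence parser. The function names and the sample bytes are constructed for this example.

```python
import sys

# Newline and tab are layout only; every other control byte is made visible.
SAFE_CONTROLS = {0x0A, 0x09}


def visible(byte: int) -> str:
    """Render one byte in caret/meta notation (the style `cat -v` prints)."""
    prefix = ""
    if byte >= 0x80:            # high bit set: show as M-<low 7 bits>
        prefix = "M-"
        byte -= 0x80
    if byte == 0x7F:            # DEL
        return prefix + "^?"
    if byte < 0x20:             # C0 control, e.g. ESC (0x1b) -> ^[
        return prefix + "^" + chr(byte + 0x40)
    return prefix + chr(byte)


def is_terminal_control(byte: int) -> bool:
    """True for bytes a terminal may act on: C0 (minus \\n, \\t), DEL, C1."""
    if byte in SAFE_CONTROLS:
        return False
    return byte < 0x20 or byte == 0x7F or 0x80 <= byte <= 0x9F


def count_controls(data: bytes) -> int:
    """How many bytes in data would have been interpreted by the terminal."""
    return sum(1 for b in data if is_terminal_control(b))


def neutralize(data: bytes) -> str:
    """Return text that is safe to print: no raw control bytes survive."""
    return "".join(chr(b) if b in SAFE_CONTROLS else visible(b) for b in data)


# Constructed sample: a harmless colour sequence (ESC [ 31 m) and a
# single-byte C1 CSI (0x9b), which some terminals treat like ESC [.
SAMPLE = b"plain text\n\x1b[31mred\x1b[0m\n\x9b1mC1 CSI\n"

if __name__ == "__main__":
    # With a file argument, view that file; otherwise show the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(f"{count_controls(data)} control byte(s) neutralized", file=sys.stderr)
    sys.stdout.write(neutralize(data))
```
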