Date: Thu, 10 Sep 1998 22:24:53 +0000 From: Niall Smart <rotel@indigo.ie> To: "Jordan K. Hubbard" <jkh@time.cdrom.com>, 026809r@dragon.acadiau.ca (Michael Richards) Cc: security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <199809102124.WAA01807@indigo.ie> In-Reply-To: <17574.905449550@time.cdrom.com>; "Jordan K. Hubbard" <jkh@time.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sep 10, 10:45am, "Jordan K. Hubbard" wrote: } Subject: Re: cat exploit > > Is it just me or did everyone miss the point of Jay's message? > > Rather, it described a symtom common to most VT100 compliant terminal > emulators and something very clearly under the "well don't DO that then" > category. It's nothing new at all and if you're not sure of the > contents of a file, don't just blindly cat it to your screen. It might not be new, but it's certainly subtle and not well known. Lets imagine there were a buffer overflow in some editor which could be exploited by opening a file with a certain header and contents. If someone claimed this were dangerous would "well don't edit arbitrary files, look at them in less first" be an appropriate response? Niall -- Niall Smart, rotel@indigo.ie. Amaze your friends and annoy your enemies: echo '#define if(x) if (!(x))' >> /usr/include/stdio.h To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809102124.WAA01807>