From owner-freebsd-security  Thu Sep 10 14:34:20 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA02167
          for freebsd-security-outgoing; Thu, 10 Sep 1998 14:34:20 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from indigo.ie (ts02-010.dublin.indigo.ie [194.125.134.140])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA02103
          for <security@FreeBSD.ORG>; Thu, 10 Sep 1998 14:34:10 -0700 (PDT)
          (envelope-from rotel@indigo.ie)
Received: (from nsmart@localhost)
	by indigo.ie (8.8.8/8.8.7) id WAA01807;
	Thu, 10 Sep 1998 22:24:53 +0100 (IST)
	(envelope-from rotel@indigo.ie)
From: Niall Smart <rotel@indigo.ie>
Message-Id: <199809102124.WAA01807@indigo.ie>
Date: Thu, 10 Sep 1998 22:24:53 +0000
In-Reply-To: <17574.905449550@time.cdrom.com>; "Jordan K. Hubbard" <jkh@time.cdrom.com>
Reply-To: rotel@indigo.ie
X-Files: The truth is out there
X-Mailer: Mail User's Shell (7.2.6 beta(3) 11/17/96)
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>,
        026809r@dragon.acadiau.ca (Michael Richards)
Subject: Re: cat exploit
Cc: security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sep 10, 10:45am, "Jordan K. Hubbard" wrote:
} Subject: Re: cat exploit
> > Is it just me or did everyone miss the point of Jay's message?
> 
> Rather, it described a symtom common to most VT100 compliant terminal
> emulators and something very clearly under the "well don't DO that then"
> category.  It's nothing new at all and if you're not sure of the
> contents of a file, don't just blindly cat it to your screen.

It might not be new, but it's certainly subtle and not well known.
Lets imagine there were a buffer overflow in some editor which
could be exploited by opening a file with a certain header and
contents.  If someone claimed this were dangerous would "well
don't edit arbitrary files, look at them in less first" be
an appropriate response?


Niall

-- 
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message