Date: Thu, 10 Sep 1998 17:34:19 -0400
From: Jared Mauch <jared@puck.nether.net>
To: Aleph One <aleph1@dfw.net>
Cc: "Jordan K. Hubbard" <jkh@time.cdrom.com>, Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG
Subject: Re: cat exploit
Message-ID: <19980910173419.G12040@puck.nether.net>
In-Reply-To: <Pine.SUN.4.01.9809101620060.13293-100000@dfw.nationwide.net>; from Aleph One on Thu, Sep 10, 1998 at 04:22:30PM -0500
References: <19980910171918.E12040@puck.nether.net> <Pine.SUN.4.01.9809101620060.13293-100000@dfw.nationwide.net>
On Thu, Sep 10, 1998 at 04:22:30PM -0500, Aleph One wrote:
> On Thu, 10 Sep 1998, Jared Mauch wrote:
>
> > > Whoa! If you don't know the contents of a file don't read it. If you don't
> > > read a file you don't know its contents. That's some really useful
> > > suggestion.
> >
> > Silly rabbit, tricks are for kids.
> >
> > What you really need to do is using a modern file(1), or
> > more specifically file with a modern magic(5) file, you can determine
> > the best way to view it.
>
> Are you going to really use file(1) on every README file you find to try
> to determine if it's dangerous? Will all your users do the same? What we
> need to fix is silly programs like xterm that process dangerous escape
> characters.

How are you going to do your terminal emulation then?

If you always use cat -v, that will escape them.

What's the problem?

    echo "alias cat='cat -v'" >> ~/.profile
    echo 'alias cat cat -v' >> ~/.cshrc

etc..

- jared

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980910173419.G12040>
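
What `cat -v` does to the escape characters discussed in this message, as an added example that is not part of the original e-mail or of FreeBSD's `cat` source: a Python rendering of the `^X` / `M-x` notation, plus a check that reports where a file holds bytes a terminal might interpret. The function names and the sample bytes are constructed for illustration.

```python
"""Render bytes the way `cat -v` does, so control bytes reach the terminal as text."""


def cat_v(data: bytes) -> str:
    """Return data in cat -v notation: ^X for control bytes, M- for bytes >= 0x80.

    TAB and LF pass through unchanged, as they do with `cat -v`.
    """
    out = []
    for b in data:
        if b >= 0x80:
            # High-bit bytes: emit "M-" and then encode the low seven bits.
            out.append("M-")
            b -= 0x80
            if b < 0x20:
                out.append("^" + chr(b + 0x40))
            elif b == 0x7F:
                out.append("^?")
            else:
                out.append(chr(b))
        elif b in (0x09, 0x0A):
            out.append(chr(b))
        elif b < 0x20:
            # ESC (0x1b) becomes the two printable characters "^[".
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append(chr(b))
    return "".join(out)


def control_offsets(data: bytes) -> list[int]:
    """Offsets of bytes a terminal may interpret: C0 (except TAB/LF), DEL, C1."""
    return [i for i, b in enumerate(data)
            if (b < 0x20 and b not in (0x09, 0x0A)) or 0x7F <= b <= 0x9F]


# Constructed sample: a README containing a harmless colour-change sequence.
SAMPLE = b"README\n\x1b[31mred text\x1b[0m\tend\n"

if __name__ == "__main__":
    print(control_offsets(SAMPLE))
    print(cat_v(SAMPLE), end="")
```
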