Date:      Sat, 12 Sep 1998 21:29:49 -0500 (CDT)
From:      James Wyatt <jwyatt@rwsystr.RWSystems.net>
To:        security@FreeBSD.ORG
Subject:   Re: cat exploit
Message-ID:  <Pine.LNX.3.91.980912210626.10538C-100000@rwsystr.RWSystems.net>
In-Reply-To: <19980911124430.A15005@drwho.xnet.com>

On Fri, 11 Sep 1998, Michael Maxwell wrote:
> On Thu, Sep 10, 1998 at 10:57:59AM -0700, patl@phoenix.volant.org wrote:
> > No, I usually 'less', 'more', or even 'emacs' it.  For two reasons.
> > 1) INSTALL is usually too large to fit in a single terminal window;
> > sometimes too large to fit in the default scrollbuffer.  2)  It
> > might contain characters that would make my terminal window do
> > something I'd rather it didn't...
> And another solution that has thus far been forgotten: file(1).  I use this
> routinely, on systems that have it, before I "cat" or "more" a file...

'file' only looks at enough of the file to characterize it and print
something for the user. It catches binaries, but not someone embedding
a control char in an interactive session (chat, motd 8{), old finger,
such) or somewhere down in a 'text' file.

Having Who-R-You (Ctl-E) support is *very* handy, could we just make it 
static? Make it return 'xterm' and nothing else and it might be safe.

James Wyatt (jwyatt@rwsystems.net)
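
An added illustration of the point in the message above (not part of the original e-mail, and not how file(1) is implemented): a check that inspects only the start of a file reports it clean, while a whole-file scan finds control bytes further down. The 512-byte window, the sample text and the function names are assumptions made for this example.

```python
# Added example: whole-file scan for terminal control bytes before viewing a file.
import sys

ALLOWED = {0x09, 0x0A, 0x0D}  # TAB, LF, CR: controls that plain text legitimately has
NAMES = {0x05: "ENQ (Ctrl-E, answerback request)", 0x07: "BEL", 0x08: "BS",
         0x1B: "ESC (starts an escape sequence)", 0x7F: "DEL"}


def is_control(b: int) -> bool:
    """True for C0 control bytes and DEL, except ordinary whitespace."""
    return (b < 0x20 and b not in ALLOWED) or b == 0x7F


def scan(data: bytes, limit=None):
    """Return [(offset, byte)] of control bytes; limit=N inspects only the first N bytes."""
    window = data if limit is None else data[:limit]
    return [(i, b) for i, b in enumerate(window) if is_control(b)]


def caret(data: bytes) -> str:
    """Render bytes for safe display: controls in caret notation, high bytes as \\xNN."""
    out = []
    for b in data:
        if is_control(b):
            out.append("^" + chr(b ^ 0x40))   # 0x05 -> ^E, 0x1b -> ^[
        elif b >= 0x80:
            out.append("\\x%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


# Constructed sample: a text-looking header with control bytes far below it.
SAMPLE = (b"INSTALL\n=======\n" + b"Run make, then make install.\n" * 40
          + b"see notes\x05 below\x1b[0m\n")
HEAD = 512  # assumed size of a head-only look; not file(1)'s actual behaviour

if __name__ == "__main__":
    # With arguments, scan those files; without, scan the constructed sample.
    blobs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("<sample>", SAMPLE)]
    for name, data in blobs:
        print(f"{name}: head-only hits: {len(scan(data, HEAD))}")
        for off, b in scan(data):
            print(f"{name}: offset {off}: 0x{b:02x} {NAMES.get(b, 'control')}")
```
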
