Date: Sat, 12 Sep 1998 21:29:49 -0500 (CDT) From: James Wyatt <jwyatt@rwsystr.RWSystems.net> To: security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <Pine.LNX.3.91.980912210626.10538C-100000@rwsystr.RWSystems.net> In-Reply-To: <19980911124430.A15005@drwho.xnet.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 11 Sep 1998, Michael Maxwell wrote: > On Thu, Sep 10, 1998 at 10:57:59AM -0700, patl@phoenix.volant.org wrote: > > No, I usually 'less', 'more', or even 'emacs' it. For two reasons. > > 1) INSTALL is usually too large to fit in a single terminal window; > > sometimes too large to fit in the default scrollbuffer. 2) It > > might contain characters that would make my terminal window do > > something I'd rather it didn't... > And another solution that has thus far been forgotten: file(1). I use this > routinely, on systems that have it, before I "cat" or "more" a file... 'file' only looks at enough of the file to characterize it and print something for the user. It catches binaries, but not someone who embedding a control char in an interactive session (chat, motd 8{), old finger, such) or somewhere down in a 'text' file. Having Who-R-You (Ctl-E) support is *very* handy, could we just make it static? Make it return 'xterm' and nothing else and it might be safe. James Wyatt (jwyatt@rwsystems.net) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.980912210626.10538C-100000>