Date: Thu, 10 Sep 1998 13:14:53 -0300 (ADT) From: 026809r@dragon.acadiau.ca (Michael Richards) To: security@FreeBSD.ORG Subject: cat exploit Message-ID: <199809101614.NAA07518@dragon.acadiau.ca>
next in thread | raw e-mail | index | archive | help
Hi. Is it just me or did everyone miss the point of Jay's message? What would happen if I created a file called README that was binary. Since Jay accidentally had the cat'd sendmail.st execute the command "xtermxterm" then wouldn't it be possible to create a file (like the README) the people would be tricked into catting that would run commands as them? Consider running th rm command. Hell, stick it in a temp dir and make a shell script called xtermxterm and I believe catting the file will run the script. -Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809101614.NAA07518>