Date: Thu, 10 Sep 1998 17:58:16 +0100 (BST)
From: Jay Tribick <netadmin@fastnet.co.uk>
To: security@FreeBSD.ORG
Subject: Re: cat exploit
Message-ID: <Pine.BSF.3.96.980910174455.1831g-100000@bofh.fast.net.uk>
In-Reply-To: <199809101614.NAA07518@dragon.acadiau.ca>

(Finally!)

| Is it just me or did everyone miss the point of Jay's message? :)
| What would happen if I created a file called README that was binary. Since
| Jay accidentally had the cat'd sendmail.st execute the command "xtermxterm"
| then wouldn't it be possible to create a file (like the README) the people
| would be tricked into catting that would run commands as them?
| Consider running the rm command. Hell, stick it in a temp dir and make a
| shell script called xtermxterm and I believe catting the file will run the
| script.

That's exactly what I was saying - just for example, say you're
installing something as root you usually cat the file INSTALL
to find out what you need to do - it would be relatively simple
to embed a command in there to just rm -rf / & your hd!

Regards,

Jay Tribick <netadmin@fastnet.co.uk>
--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[| +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk |]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
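
Added example, not part of the original message: a Python check to run on an untrusted README or INSTALL file instead of cat, which lists the terminal control bytes it contains and prints an escaped rendering. The function names, the constructed sample bytes and the assumption that such files are plain ASCII text are assumptions of this example.

```python
"""Inspect an untrusted text file for terminal control bytes before viewing it."""
import sys

# Constructed sample input: ordinary text with an ESC sequence and an ENQ byte.
SAMPLE = b"Run make install\n\x1b[0m\x05done\n"

# Control bytes a plain ASCII document legitimately contains.
ALLOWED_CONTROLS = {0x09, 0x0A, 0x0D}  # tab, line feed, carriage return


def is_control(b: int) -> bool:
    """True for C0 controls (except tab/LF/CR), DEL, and raw 8-bit C1 controls."""
    if b in ALLOWED_CONTROLS:
        return False
    # Assumption: the file should be ASCII, so bytes 0x80-0x9f are suspicious.
    return b < 0x20 or b == 0x7F or 0x80 <= b <= 0x9F


def find_controls(data: bytes) -> list[tuple[int, int]]:
    """Return (offset, byte value) for every flagged control byte."""
    return [(i, b) for i, b in enumerate(data) if is_control(b)]


def render_safe(data: bytes) -> str:
    """Escape everything except printable ASCII, tab and newline.

    CR is not flagged above but is escaped here, because a bare CR lets
    later text overwrite an earlier part of the line on screen.
    """
    out = []
    for b in data:
        if b in (0x09, 0x0A) or 0x20 <= b <= 0x7E:
            out.append(chr(b))
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def main(path: str) -> int:
    with open(path, "rb") as fh:
        data = fh.read()
    hits = find_controls(data)
    for offset, value in hits:
        print(f"{path}: control byte 0x{value:02x} at offset {offset}", file=sys.stderr)
    sys.stdout.write(render_safe(data))
    return 1 if hits else 0  # non-zero exit lets scripts refuse the file


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} FILE")
    sys.exit(main(sys.argv[1]))
```
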