From owner-freebsd-security Thu Sep 10 09:58:35 1998
Date: Thu, 10 Sep 1998 17:58:16 +0100 (BST)
From: Jay Tribick
To: security@FreeBSD.ORG
Subject: Re: cat exploit
In-Reply-To: <199809101614.NAA07518@dragon.acadiau.ca>
Sender: owner-freebsd-security@FreeBSD.ORG

(Finally!)

| Is it just me or did everyone miss the point of Jay's message? :)
| What would happen if I created a file called README that was binary. Since
| Jay accidentally had the cat'd sendmail.st execute the command "xtermxterm"
| then wouldn't it be possible to create a file (like the README) the people
| would be tricked into catting that would run commands as them?
| Consider running the rm command. Hell, stick it in a temp dir and make a
| shell script called xtermxterm and I believe catting the file will run the
| script.

That's exactly what I was saying - just for example, say you're installing
something as root you usually cat the file INSTALL to find out what you
need to do - it would be relatively simple to embed a command in there
to just rm -rf / & your hd!

Regards,

Jay Tribick

--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[| +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk |]
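
Added example, not part of the original message: a check to run on an untrusted README or INSTALL file before cat-ing it, assuming the mechanism discussed in this thread is terminal control bytes embedded in the file (the message does not name it). The function names and the sample bytes are constructed for illustration.

```python
# Bytes a terminal only displays: tab, newline, printable ASCII.
# Everything else (ESC, other C0 controls incl. CR, DEL, non-ASCII) is flagged.
# Conservative: legitimate UTF-8 text is flagged as well.
SAFE = {0x09, 0x0A} | set(range(0x20, 0x7F))

# Escape-sequence families by the byte that follows ESC (ECMA-48 names).
ESC_KINDS = {ord("["): "CSI", ord("]"): "OSC", ord("P"): "DCS"}


def scan(data: bytes):
    """Return (offset, description) for every byte a terminal may interpret."""
    findings = []
    for i, b in enumerate(data):
        if b in SAFE:
            continue
        if b == 0x1B:
            nxt = data[i + 1] if i + 1 < len(data) else None
            findings.append((i, f"ESC sequence ({ESC_KINDS.get(nxt, 'other')})"))
        elif b < 0x20 or b == 0x7F:
            findings.append((i, f"C0 control 0x{b:02x}"))
        else:
            findings.append((i, f"non-ASCII byte 0x{b:02x}"))
    return findings


def visible(data: bytes) -> str:
    """Render bytes the way `cat -v` does, so nothing reaches the terminal raw."""
    out = []
    for b in data:
        prefix = ""
        if b >= 0x80:                      # high bit set: M- notation
            prefix, b = "M-", b & 0x7F
        if b == 0x7F:
            out.append(prefix + "^?")
        elif b < 0x20 and (prefix or b not in (0x09, 0x0A)):
            out.append(prefix + "^" + chr(b + 64))
        else:
            out.append(prefix + chr(b))
    return "".join(out)


# Constructed sample: an INSTALL file carrying a clear-screen sequence and a BEL.
SAMPLE = b"INSTALL notes\n\x1b[2Jrun make install\x07\n"

if __name__ == "__main__":
    for offset, what in scan(SAMPLE):
        print(f"offset {offset}: {what}")
    print(visible(SAMPLE), end="")
```

On the command line, `cat -v FILE` or a pager such as `less` gives the same caret-notation view without sending the raw bytes to the terminal.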