Date: Thu, 10 Sep 1998 10:46:07 -0700
From: Darren Mutz <mutz@aig.jpl.nasa.gov>
To: freebsd-security@FreeBSD.ORG
Subject: Re: Err.. cat exploit.. (!)
Message-ID: <199809101746.KAA15836@pompeii.jpl.nasa.gov>
In-Reply-To: Your message of "Thu, 10 Sep 1998 11:10:22 EDT." <199809101510.LAA08830@khavrinen.lcs.mit.edu>

><<On Thu, 10 Sep 1998 14:43:24 +0100, Josef Karthauser <joe@pavilion.net> said:
>
>>> bofh$ cat sendmail.st
>>> `ay5habf33*`ma}`)`Jj]: Jsu-2.01$ xtermxterm
>>> su: xtermxterm: command not found
>>> bofh$
>
>> I've noticed this also. Catting some binaries (by accident of course)
>> seems to interact with the terminal badly!! This is on an 'rxvt' running
>> bash.
>
>That's why you should normally use `more' or `less'.

IMHO, that's not the real fix here -- what's potentially of more
interest is the fact that writing some sequence of characters to
rxvt can confuse it to the extent that it will execute another
string you write to it. This problem seems to imply that anyone
with write access to your terminal can execute commands as you.

--
Darren Mutz
darren.mutz@jpl.nasa.gov
My opinions, not JPL's.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
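
An added example, not part of the original message: a small filter in the spirit of `cat -v` that renders untrusted bytes so that no control byte reaches the terminal emulator. The function names and the sample bytes are assumptions constructed for illustration, and the filter conservatively treats every byte >= 0x80 as unsafe, so non-ASCII text is shown escaped.

```python
import sys

# Bytes passed through unchanged: tab, newline, and printable ASCII.
SAFE = {0x09, 0x0A} | set(range(0x20, 0x7F))


def visible(data: bytes) -> str:
    """Render untrusted bytes without emitting any terminal control byte.

    C0 controls and DEL become caret notation (ESC -> ^[), and bytes
    >= 0x80, which include the 8-bit C1 controls such as 0x9B, become
    \\xNN escapes.
    """
    out = []
    for b in data:
        if b in SAFE:
            out.append(chr(b))
        elif b < 0x20:
            out.append("^" + chr(b + 0x40))
        elif b == 0x7F:
            out.append("^?")
        else:
            out.append(f"\\x{b:02x}")
    return "".join(out)


def has_terminal_controls(data: bytes) -> bool:
    """True if displaying the raw bytes would send anything beyond plain text."""
    return any(b not in SAFE for b in data)


# Constructed sample: a colour escape, an 8-bit C1 byte, NUL and BEL.
SAMPLE = b"stats\x1b[31mred\x1b[0m\x9b\x00\x07end\n"


def main(argv):
    if len(argv) > 1:
        for path in argv[1:]:
            with open(path, "rb") as f:
                sys.stdout.write(visible(f.read()))
    else:
        sys.stdout.write(visible(SAMPLE))


if __name__ == "__main__":
    main(sys.argv)
```
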