From owner-freebsd-security  Thu Sep 10 10:48:33 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA14685
          for freebsd-security-outgoing; Thu, 10 Sep 1998 10:48:33 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from time.cdrom.com (time.cdrom.com [204.216.27.226])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA14670
          for <security@FreeBSD.ORG>; Thu, 10 Sep 1998 10:48:31 -0700 (PDT)
          (envelope-from jkh@time.cdrom.com)
Received: from time.cdrom.com (jkh@localhost.cdrom.com [127.0.0.1])
	by time.cdrom.com (8.8.8/8.8.8) with ESMTP id KAA17578;
	Thu, 10 Sep 1998 10:45:50 -0700 (PDT)
	(envelope-from jkh@time.cdrom.com)
To: 026809r@dragon.acadiau.ca (Michael Richards)
cc: security@FreeBSD.ORG
Subject: Re: cat exploit 
In-reply-to: Your message of "Thu, 10 Sep 1998 13:14:53 -0300."
             <199809101614.NAA07518@dragon.acadiau.ca> 
Date: Thu, 10 Sep 1998 10:45:50 -0700
Message-ID: <17574.905449550@time.cdrom.com>
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Is it just me or did everyone miss the point of Jay's message?

The problem is that Jay's message didn't actually have a point. :)

Rather, it described a symtom common to most VT100 compliant terminal
emulators and something very clearly under the "well don't DO that then"
category.  It's nothing new at all and if you're not sure of the
contents of a file, don't just blindly cat it to your screen.  The
same goes for any binary I might hand you - if I put up a file on
an FTP site called ``megaspacewar.exe'' and you go and run it on your
Windows box and it trojans you to death (or worse), who's fault is
that? :-)  Same basic issue.

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message