Date:      Thu, 10 Sep 1998 10:57:59 -0700 (PDT)
From:      patl@phoenix.volant.org
To:        Jay Tribick <netadmin@fastnet.co.uk>
Cc:        security@FreeBSD.ORG
Subject:   Re: cat exploit
Message-ID:  <ML-3.3.905450279.6815.patl@asimov>
In-Reply-To: <Pine.BSF.3.96.980910174455.1831g-100000@bofh.fast.net.uk>

> That's exactly what I was saying - just for example, say you're installing
> something as root you usually cat the file INSTALL to find out what
> you need to do - it would be relatively simple to embed a command
> in there to just rm -rf / & your hd!

No, I usually 'less', 'more', or even 'emacs' it.  For two reasons.
1) INSTALL is usually too large to fit in a single terminal window;
sometimes too large to fit in the default scrollbuffer.  2)  It
might contain characters that would make my terminal window do
something I'd rather it didn't...

Cat should only be used to view files that are known to be small
and clean.  (E.g., /etc/motd)  If there is -any- doubt at all
you should use more, less, emacs, hd, or some other tool that is
more terminal-aware and will convert 'unprintable' characters.



-Pat
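
Added example (not part of the original message or of any FreeBSD tool): a small Python filter that does the conversion of 'unprintable' characters described above, rewriting each control byte into the caret / M- notation that cat -v uses so it never reaches the terminal as a control code. The function names and the SAMPLE bytes are constructed for illustration; input is treated as raw bytes, so UTF-8 text also appears in M- form.

```python
"""Show untrusted bytes on a terminal with control bytes made visible."""
import sys

# Constructed sample: install notes carrying ESC, BEL, CR and a C1 CSI byte.
SAMPLE = b"1. Run ./configure\n\x1b[2J2. Run make\x07\r\n\x9b1m"


def caret(b: int) -> str:
    """Visible form of one byte, following the cat -v convention."""
    prefix = ""
    if b >= 0x80:                      # high bit set, includes C1 controls
        prefix, b = "M-", b - 0x80
    elif b in (0x09, 0x0A):            # keep tab and newline for layout
        return chr(b)
    if b < 0x20:
        return prefix + "^" + chr(b + 0x40)   # ESC (0x1b) becomes ^[
    if b == 0x7F:
        return prefix + "^?"                  # DEL
    return prefix + chr(b)


def render_safe(data: bytes) -> str:
    """Whole buffer with every control byte replaced by its visible form."""
    return "".join(caret(b) for b in data)


def control_offsets(data: bytes) -> list:
    """(offset, byte) for each byte that render_safe rewrites."""
    return [(i, b) for i, b in enumerate(data) if caret(b) != chr(b)]


if __name__ == "__main__":
    # With a file argument, filter that file; otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    hits = control_offsets(data)
    if hits:
        print(f"{len(hits)} control byte(s), first at offset {hits[0][0]}",
              file=sys.stderr)
    sys.stdout.write(render_safe(data))
```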
