Date: Thu, 10 Sep 1998 11:07:03 -0700 From: Sean Harding <sharding@gutenberg.uoregon.edu> To: Jay Tribick <netadmin@fastnet.co.uk> Cc: security@FreeBSD.ORG Subject: Re: cat exploit Message-ID: <Pine.SGI.4.02.9809101105420.54-100000@gutenberg.uoregon.edu> In-Reply-To: <Pine.BSF.3.96.980910174455.1831g-100000@bofh.fast.net.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 10 Sep 1998, Jay Tribick wrote: > something as root you usually cat the file INSTALL to find out what > you need to do - it would be relatively simple to embed a command > in there to just rm -rf / & your hd! I agree that this is a problem...However, your example is yet another good reason to do as little as root as possible. You should read all of the documentation and build the software as a normal user. Only su or sudo for the 'make install' command... Sean -- Sean Harding sharding@oregon.uoregon.edu|"They burn their bridges as they http://gladstone.uoregon.edu/~sharding/ | go." Consulting: http://www.efn.org/~seanh | --Natalie Merchant To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SGI.4.02.9809101105420.54-100000>