From owner-freebsd-security Thu Sep 10 11:03:07 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA18895 for freebsd-security-outgoing; Thu, 10 Sep 1998 11:03:07 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from gutenberg.uoregon.edu (gutenberg.uoregon.edu [128.223.56.211]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA18888 for ; Thu, 10 Sep 1998 11:03:05 -0700 (PDT) (envelope-from sharding@gutenberg.uoregon.edu) Received: from localhost (sharding@localhost) by gutenberg.uoregon.edu (8.9.1/8.9.1) with SMTP id LAA00437; Thu, 10 Sep 1998 11:07:03 -0700 (PDT) Date: Thu, 10 Sep 1998 11:07:03 -0700 From: Sean Harding Reply-To: Sean Harding To: Jay Tribick cc: security@FreeBSD.ORG Subject: Re: cat exploit In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 10 Sep 1998, Jay Tribick wrote: > something as root you usually cat the file INSTALL to find out what > you need to do - it would be relatively simple to embed a command > in there to just rm -rf / & your hd! I agree that this is a problem...However, your example is yet another good reason to do as little as root as possible. You should read all of the documentation and build the software as a normal user. Only su or sudo for the 'make install' command... Sean -- Sean Harding sharding@oregon.uoregon.edu|"They burn their bridges as they http://gladstone.uoregon.edu/~sharding/ | go." Consulting: http://www.efn.org/~seanh | --Natalie Merchant To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message