Date: Thu, 10 Sep 1998 11:14:29 -0700
From: Studded <Studded@dal.net>
To: Mikael Karpberg <karpen@ocean.campus.luth.se>
Cc: Jay Tribick <netadmin@fastnet.co.uk>, freebsd-security@FreeBSD.ORG
Subject: Re: Err.. cat exploit.. (!)
Message-ID: <35F81705.A5B83D3B@dal.net>
References: <199809101618.SAA10499@ocean.campus.luth.se>

Mikael Karpberg wrote:
>
> According to Jay Tribick:
> > bofh$ cat sendmail.st
> > `ay5habf33*`ma}`)`Jj]: Jsu-2.01$ xtermxterm
> > su: xtermxterm: command not found
> > bofh$
> >
> > This seems quite scary to me, couldn't someone embed 'rm -rf /'
> > within a text file and then, if root cats the file it nukes
> > their system?
>
> I'm not completely clear on what that is, but I've seen it also. What I
> _am_ completely clear about is that it's got nothing to do with cat, and
> instead everything to do with xterm.

No no, you've missed an important point here. You shouldn't use cat
routinely to view files, you should use less or more. This will help to
avoid problems like this. By default less won't even open binary files.

Doug
--
*** Chief Operations Officer, DALnet IRC network ***

"Yes, the president should resign. He has lied to the American people,
time and time again, and betrayed their trust. He is no longer an
effective leader. Since he has admitted guilt, there is no reason to put
the American people through an impeachment. He will serve absolutely no
purpose in finishing out his term; the only possible solution is for the
president to save some dignity and resign."
- William Jefferson Clinton, 1974

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
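
An added example, not part of the original message: a small viewer that never writes a file's control bytes to the terminal raw, which is the property the advice above relies on. The function names and the sample bytes are constructed for illustration; the caret and M- notation follows the `cat -v` convention.

```python
import sys

PASS_THROUGH = {0x09, 0x0A}  # tab and newline are written unchanged

def is_control(b: int) -> bool:
    """True for any byte outside printable ASCII, tab and newline."""
    return b not in PASS_THROUGH and not 0x20 <= b <= 0x7E

def control_offsets(data: bytes) -> list:
    """Offsets of bytes a terminal emulator might interpret instead of display."""
    return [i for i, b in enumerate(data) if is_control(b)]

def _caret(b: int) -> str:
    """Caret notation for a 7-bit value (0x1b -> ^[, 0x7f -> ^?)."""
    if b < 0x20:
        return "^" + chr(b + 0x40)
    if b == 0x7F:
        return "^?"
    return chr(b)

def visible(data: bytes) -> str:
    """Render bytes so that no control byte reaches the terminal as-is."""
    out = []
    for b in data:
        if not is_control(b):
            out.append(chr(b))
        elif b < 0x80:
            out.append(_caret(b))
        else:
            # High bit set: M- prefix, then the low seven bits in caret form.
            out.append("M-" + _caret(b & 0x7F))
    return "".join(out)

# Constructed sample: one text line followed by ESC, ENQ and a high-bit byte.
SAMPLE = b"stats ok\n\x1b[0m\x05 tail\x9b\n"

def main(argv: list) -> int:
    if len(argv) != 2:
        sys.stderr.write("usage: safeview FILE\n")
        return 2
    with open(argv[1], "rb") as fh:
        data = fh.read()
    hits = control_offsets(data)
    if hits:
        sys.stderr.write(f"{argv[1]}: {len(hits)} control byte(s), first at offset {hits[0]}\n")
    sys.stdout.write(visible(data))
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```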