From: Mark Murray
To: ben@rosengart.com
Cc: Jay Tribick, security@FreeBSD.ORG
Subject: Re: cat exploit
Date: Thu, 10 Sep 1998 21:36:56 +0200
Message-Id: <199809101937.VAA20286@gratis.grondar.za>
In-Reply-To: Your message of "Thu, 10 Sep 1998 13:44:03 -0400."

Snob Art Genre wrote:
> 1) No, you use less.

... or view(1) or more(1) or.... NOT cat(1).

> 2) So you've figured out how to execute arbitrary commands from this?
> I'm not saying that's not possible, but so far the only thing this
> "bug" does is output the name of xterm.

Most modern terminals (and emulators) can be programmed to do weird
things. Weird things such as "when your user types key , send sequence "
for various definitions of and .

This used to be an attack at universities-with-mainframes when students
actually read manuals.

    Login: me
    Password:
    $
    Message from badguy:
    'elgj' qerjgp'adl'glkJSFL'Kdfjmf'sd;lkf;sdf
    $ logout
    (response to "w" from user).

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org
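
Added example, not part of the original message: a filter that renders untrusted bytes in cat -v style notation so that no control byte reaches the terminal, and reports the escape sequences it found. The function names, the regular expression and the sample bytes are constructed for this illustration.

```python
import re

# Constructed sample input (not from the original message): plain text mixed with
# a CSI colour sequence, an OSC "set window title" sequence and a raw C1 byte.
SAMPLE = b"total 4\n\x1b[31mred\x1b[0m\n\x1b]0;demo title\x07done\x9b\n"

# Escape-sequence shapes per ECMA-48; alternatives are tried in order.
SEQ = re.compile(
    rb"(?P<CSI>\x1b\[[0-?]*[ -/]*[@-~])"
    rb"|(?P<STRING>\x1b[\]PX^_].*?(?:\x07|\x1b\\))"  # OSC/DCS/SOS/PM/APC up to BEL or ST
    rb"|(?P<ESC>\x1b[ -/]*[0-~]?)"                   # short escapes, or a lone ESC
    rb"|(?P<C1>[\x80-\x9f])",                        # 8-bit controls (also hits UTF-8 continuation bytes)
    re.DOTALL,
)

def _caret(b: int) -> str:
    """cat -v notation for one 7-bit value."""
    if b == 0x7F:
        return "^?"
    return "^" + chr(b + 0x40) if b < 0x20 else chr(b)

def visible(data: bytes) -> str:
    """Render bytes so that no control byte reaches the terminal (newline and tab kept)."""
    out = []
    for b in data:
        if b in (0x09, 0x0A):
            out.append(chr(b))
        elif b < 0x80:
            out.append(_caret(b))
        else:
            out.append("M-" + _caret(b & 0x7F))
    return "".join(out)

def find_sequences(data: bytes):
    """Return (offset, kind, visible form) for every control sequence in data."""
    return [(m.start(), m.lastgroup, visible(m.group())) for m in SEQ.finditer(data)]

if __name__ == "__main__":
    for offset, kind, text in find_sequences(SAMPLE):
        print(f"{offset:4d}  {kind:6s}  {text}")
    print(visible(SAMPLE), end="")
```

Pagers such as less apply a comparable rendering by default, which is why the reply recommends them over cat(1) for files of unknown origin.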