Date: Fri, 11 Sep 1998 09:09:43 +0100 (BST)
From: Jay Tribick <netadmin@fastnet.co.uk>
To: security@FreeBSD.ORG
Subject: Re: cat exploit
Message-ID: <Pine.BSF.3.96.980911090428.4232A-100000@bofh.fast.net.uk>
In-Reply-To: <Pine.GSO.4.02.9809110115070.27098-100000@echonyc.com>

| > >How about something more practical? Like being able to turn off this
| > >"feature".
| >
| > "rm /bin/cat" ^- Not very practical, it would break a lot of scripts
| Cat has little to do with the issue under discussion, despite the
| subject line. Escape sequences can come from talk requests, naive
| write(1)-like programs or naive network clients (I have seen the first
| two, and the third is likely).
|
| Unless I missed it, nobody has defended the xterm feature in question on
| any basis except that that's how it's always been done. I also didn't
| notice any reports of recent exploits.
|
| I'd like to hear a wider variety of opinions on the matter -- in
| particular, I wonder if anyone still uses the feature for anything, and
| if it's been exploited. I don't understand why you're so dismissive
| about it.

I think we've had enough replies on this thread - I still think
it /may/ be exploitable if you had a . in your path and within
the tarball was a file called xtermxterm.. but, let's drop it
here before it gets out of hand :)

Anyone wants to reply to this, do it privately please.

Regards,

Jay Tribick <netadmin@fastnet.co.uk>
--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[| +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk |]