From owner-freebsd-security  Thu Sep 10 13:08:16 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA13150
          for freebsd-security-outgoing; Thu, 10 Sep 1998 13:08:16 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dfw.nationwide.net (dfw.nationwide.net [198.175.15.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id NAA13137
          for <security@FreeBSD.ORG>; Thu, 10 Sep 1998 13:08:06 -0700 (PDT)
          (envelope-from aleph1@dfw.net)
Received: from localhost (aleph1@localhost)
	by dfw.nationwide.net (8.9.0/8.9.0) with SMTP id PAA17800;
	Thu, 10 Sep 1998 15:01:33 -0500 (CDT)
Date: Thu, 10 Sep 1998 15:01:32 -0500 (CDT)
From: Aleph One <aleph1@dfw.net>
X-Sender: aleph1@dfw.nationwide.net
To: "Jordan K. Hubbard" <jkh@time.cdrom.com>
cc: Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG
Subject: Re: cat exploit 
In-Reply-To: <17574.905449550@time.cdrom.com>
Message-ID: <Pine.SUN.4.01.9809101458470.13293-100000@dfw.nationwide.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 10 Sep 1998, Jordan K. Hubbard wrote:

> The problem is that Jay's message didn't actually have a point. :)
> 
> Rather, it described a symtom common to most VT100 compliant terminal
> emulators and something very clearly under the "well don't DO that then"
> category.  It's nothing new at all and if you're not sure of the
> contents of a file, don't just blindly cat it to your screen.  The
> same goes for any binary I might hand you - if I put up a file on
> an FTP site called ``megaspacewar.exe'' and you go and run it on your
> Windows box and it trojans you to death (or worse), who's fault is
> that? :-)  Same basic issue.

Whoa! If you dont know the contents of a file dont read it. If you dont
read a file you dont know its contents. Thats some really useful
suggestion.

How about something more practical? Like being able to turn off this
"feature".

> - Jordan

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5 
Fingerprint EE C9 E8 AA CB AF 09 61  8C 39 EA 47 A8 6A B8 01 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message