From: Lane
To: freebsd-questions@freebsd.org
Date: Tue, 26 Jul 2005 19:11:59 -0500
Subject: Re: cat /dev/urandom
References: <20050726183029.M97284@neptune.atopia.net> <200507261849.46220.lane@joeandlane.com>
Message-Id: <200507261912.00255.lane@joeandlane.com>

On Tuesday 26 July 2005 18:47, Michael Beattie wrote:
> On 7/26/05, Lane wrote:
> > On Tuesday 26 July 2005 18:18, Michael Beattie wrote:
> > > `cat /dev/urandom` will do just that... it's not also going to run
> > > code from within that output.
> > >
> > > On 7/26/05, Lane wrote:
> > > > On Tuesday 26 July 2005 17:35, Michael Beattie wrote:
> > > > > On 7/26/05, Matt Juszczak wrote:
> > > > > > Hi all,
> > > > > >
> > > > > > Quick question.
> > > > > >
> > > > > > shell# cat /dev/urandom
> > > > > >
> > > > > > can that executed as root cause any harm to the system? What if
> > > > > > a random sequence of `rm *` was generated... would it be
> > > > > > executed?
> > > > > >
> > > > > > I tried that to fix my terminal and forgot it might cause damage
> > > > > > as root, even if it's just being cat'd to the screen. I thought I
> > > > > > saw some files fly by which would indicate an execution of
> > > > > > `ls`....
> > > > > >
> > > > > > Just curious....
> > > > >
> > > > > If you had a file with an rm * in it and you cat'd it would it
> > > > > execute?
> > > >
> > > > That's a good answer, but what if the command was:
> > > >
> > > > `cat /dev/urandom`
> > > >
> > > > could /dev/urandom generate arbitrary and potentially executable
> > > > code?
> > > >
> > > > I'm curious, too
> > > >
> > > > lane
> >
> > Hmmm.... interesting.
> >
> > if I create a file, test, in the current directory like this:
> >
> > echo -n ls -al >test
> >
> > Then type `cat test`
> >
> > I get a directory listing.
> >
> > Assuming that /dev/urandom generates something like "ls -al" followed by
> > a newline, then it stands to reason that `cat /dev/urandom` will actually
> > execute the command "ls -al"
> >
> > Why is it that this does not hold true for `cat /dev/urandom` ?
> >
> > Still curious
>
> Huh. Look at that. I guess I was wrong. I wonder why...
>
> Maybe the `` makes it "escape" from the shell and so it cats the file
> and then when it comes back to the shell it sees the ls -al and runs
> it.

Yeah, backticks are good for that.

It seems like /dev/urandom generates mostly ... random ... stuff. But I
wonder if there are any safeguards to prevent such a combination from being
generated.

After reading "man 4 random" and /usr/src/sys/dev/random/randomdev.c, it
seems that the output of /dev/urandom is "truly random."

So I guess the only thing that prevents such an occurrence is careful
thought before you make such a call :)

lane
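
The difference between a plain cat and a backtick substitution discussed in this thread, as an added example that is not part of the original message. The temporary file, its content and the function names are constructed for the illustration; the file stands in for bytes that /dev/urandom could emit by chance.

```shell
#!/bin/sh
# Constructed sample: a file whose content happens to look like a command.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'echo EXECUTED' > "$demo_dir/test"

# 1. Plain cat: the bytes are copied to stdout. Nothing interprets them
#    as a command, whatever they contain and whoever runs cat.
plain_cat() {
    cat "$demo_dir/test"
}

# 2. Backticks in command position: the shell replaces `...` with cat's
#    output, splits it into words, applies filename expansion, and runs
#    the first word as a command with the rest as its arguments.
#    The output is not re-parsed as shell syntax (no ';', pipes or
#    redirections), but a command name plus arguments is enough to run.
substituted() {
    `cat "$demo_dir/test"`
}

# 3. Substitution kept as data: assigned to a variable and always used
#    inside double quotes, so it is never split, expanded or executed.
captured() {
    data=$(cat "$demo_dir/test")
    printf '%s' "$data"
}

# 4. Inspecting random bytes without handing them to the shell:
#    read a fixed count and hex-encode it.
random_hex() {
    head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

echo "plain cat   : $(plain_cat)"
echo "substituted : $(substituted)"
echo "captured    : $(captured)"
echo "random hex  : $(random_hex)"
```
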