From owner-freebsd-security Thu Sep 10 14:23:00 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA29708 for freebsd-security-outgoing; Thu, 10 Sep 1998 14:23:00 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from aniwa.sky (pppk-10.igrin.co.nz [202.49.245.89]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA29700 for ; Thu, 10 Sep 1998 14:22:56 -0700 (PDT) (envelope-from andrew@squiz.co.nz) Received: from localhost (andrew@localhost) by aniwa.sky (8.8.7/8.8.7) with SMTP id JAA05654; Fri, 11 Sep 1998 09:19:42 +1200 (NZST) (envelope-from andrew@squiz.co.nz) Date: Fri, 11 Sep 1998 09:19:42 +1200 (NZST) From: Andrew McNaughton X-Sender: andrew@aniwa.sky Reply-To: andrew@squiz.co.nz To: Studded cc: Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG Subject: terminal escape exploit (was Re: cat exploit) In-Reply-To: <35F818CA.8647A116@dal.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 10 Sep 1998, Studded wrote: > It seems to me that a lot of people missed the point of one of the > warnings that someone else posted in response actually. Don't use cat > routinely to view files. Use more, or better yet less since less doesn't > view binary files by default. It's not just cat that you've got to worry about. tail is another one. How many people routinely use 'tail -f' to monitor log info that includes potentially tainted content. The problem is not cat. It's xterm and other similar terminal programs. Andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message