From owner-freebsd-security Thu Sep 10 14:28:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id OAA00786 for freebsd-security-outgoing; Thu, 10 Sep 1998 14:28:55 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from dfw.nationwide.net (dfw.nationwide.net [198.175.15.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA00771 for ; Thu, 10 Sep 1998 14:28:42 -0700 (PDT) (envelope-from aleph1@dfw.net) Received: from localhost (aleph1@localhost) by dfw.nationwide.net (8.9.0/8.9.0) with SMTP id QAA13246; Thu, 10 Sep 1998 16:22:31 -0500 (CDT) Date: Thu, 10 Sep 1998 16:22:30 -0500 (CDT) From: Aleph One X-Sender: aleph1@dfw.nationwide.net To: Jared Mauch cc: "Jordan K. Hubbard" , Michael Richards <026809r@dragon.acadiau.ca>, security@FreeBSD.ORG Subject: Re: cat exploit In-Reply-To: <19980910171918.E12040@puck.nether.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu, 10 Sep 1998, Jared Mauch wrote: > > Whoa! If you dont know the contents of a file dont read it. If you dont > > read a file you dont know its contents. Thats some really useful > > suggestion. > > Silly rabbit, tricks are for kids. > > What you really need to do is using a modern file(1), or > more specifically file with a modern magic(5) file, you can determine > the best way to view it. Are you going to really use file(1) on every README file you find to try to determine if its dangerous? Will all your users to the same? What we need to fix is silly programs like xterm that process dangerous escape characters. > - jared > > -- > Jared Mauch | pgp key available via finger from jared@puck.nether.net > | http://puck.nether.net/~jared/ > Aleph One / aleph1@dfw.net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message