From owner-freebsd-security  Thu Sep 10 18:21:32 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA14605
          for freebsd-security-outgoing; Thu, 10 Sep 1998 18:21:32 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from thuvia.demon.co.uk (thuvia.demon.co.uk [193.237.34.248])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA14559
          for <security@freebsd.org>; Thu, 10 Sep 1998 18:21:14 -0700 (PDT)
          (envelope-from mark@thuvia.demon.co.uk)
Received: (from mark@localhost)
	by thuvia.demon.co.uk (8.8.8/8.8.7) id CAA04444
	for security@freebsd.org; Fri, 11 Sep 1998 02:21:41 +0100 (BST)
Message-Id: <199809110121.CAA04444@thuvia.demon.co.uk>
From: mark@thuvia.demon.co.uk (Mark Valentine)
Date: Fri, 11 Sep 1998 02:21:41 +0100
In-Reply-To: Jared Mauch's message of Sep 10,  5:19pm
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: security@FreeBSD.ORG
Subject: Re: cat exploit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> From: Jared Mauch <jared@puck.nether.net>
> Date: Thu 10 Sep, 1998
> Subject: Re: cat exploit

> 	What you really need to do is using a modern file(1), or
> more specifically file with a modern magic(5) file, you can determine
> the best way to view it.

file(1) isn't safe, e.g. try it on a file which starts:

  #! ^E

(Replace ^E with a real control char.)

		Mark.

-- 
Mark Valentine at Home <mark@thuvia.org>            http://www.thuvia.org/mark/
  "I'll be mellow when I'm DEAD."
Mark Valentine uses and endorses FreeBSD                http://www.freebsd.org/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message