Date: Fri, 11 Sep 1998 09:09:43 +0100 (BST)
From: Jay Tribick
To: security@FreeBSD.ORG
Subject: Re: cat exploit
Sender: owner-freebsd-security@FreeBSD.ORG

| > >How about something more practical?  Like being able to turn off this
| > >"feature".
| >
| > "rm /bin/cat"

^- Not very practical, it would break a lot of scripts

| Cat has little to do with the issue under discussion, despite the
| subject line.  Escape sequences can come from talk requests, naive
| write(1)-like programs or naive network clients (I have seen the first
| two, and the third is likely).
|
| Unless I missed it, nobody has defended the xterm feature in question on
| any basis except that that's how it's always been done.  I also didn't
| notice any reports of recent exploits.
|
| I'd like to hear a wider variety of opinions on the matter -- in
| particular, I wonder if anyone still uses the feature for anything, and
| if it's been exploited.  I don't understand why you're so dismissive
| about it.

I think we've had enough replies on this thread - I still think it /may/
be exploitable if you had a . in your path and within the tarball was
a file called xtermxterm.. but, let's drop it here before it gets
out of hand :)

Anyone wants to reply to this, do it privately please.

Regards,

Jay Tribick

--
[| Network Admin | FastNet International | http://fast.net.uk/ |]
[| Finger netadmin@fastnet.co.uk for contact info & PGP PubKey |]
[| +44 (0)1273 T: 677633 F: 621631 e: netadmin@fast.net.uk |]