Date: Sun, 24 Oct 2004 23:49:18 -0500
From: "Daniel M. Kurry"
To: Jerry Bell
Cc: freebsd-chat@freebsd.org
Subject: Re: RedHat: Buffer Overflow in 'ls' and 'mkdir'
Message-ID: <20041025044918.GC48024@over-yonder.net>

Jerry Bell said something like:
> A healthy bit of skepticism goes a long way. I choked on the first
> sentence: "Redhat found a vulnerability in fileutils (ls and mkdir), that
> could allow a remote attacker to execute arbitrary code with root
> privileges." The word "remote" stands out like a sore thumb to me.
>

*cough

Then again, RedHat is one of those *Linux derivatives* that are smelling
more like Windows by the day. 'ls' could perform a dictionary lookup to
point out spelling errors in filenames.

Daniel, "Hey, this is -chat, right?" 8-) 8-)