Date: Thu, 10 Sep 1998 13:14:53 -0300 (ADT) From: 026809r@dragon.acadiau.ca (Michael Richards) To: security@FreeBSD.ORG Subject: cat exploit Message-ID: <199809101614.NAA07518@dragon.acadiau.ca>
index | next in thread | raw e-mail
Hi. Is it just me or did everyone miss the point of Jay's message? What would happen if I created a file called README that was binary. Since Jay accidentally had the cat'd sendmail.st execute the command "xtermxterm" then wouldn't it be possible to create a file (like the README) the people would be tricked into catting that would run commands as them? Consider running th rm command. Hell, stick it in a temp dir and make a shell script called xtermxterm and I believe catting the file will run the script. -Mike To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the messagehome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199809101614.NAA07518>