From owner-freebsd-security Mon Oct 30 15:29:33 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id EE35837B4C5 for ; Mon, 30 Oct 2000 15:29:24 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id e9UNVTg15221; Mon, 30 Oct 2000 15:31:29 -0800 (PST) (envelope-from kris) Date: Mon, 30 Oct 2000 15:31:29 -0800 From: Kris Kennaway To: Cy Schubert - ITSD Open Systems Group Cc: freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) Message-ID: <20001030153129.A15198@citusc17.usc.edu> References: <200010302127.e9ULRCe24280@cwsys.cwsent.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <200010302127.e9ULRCe24280@cwsys.cwsent.com>; from Cy.Schubert@uumail.gov.bc.ca on Mon, Oct 30, 2000 at 01:26:41PM -0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote: > Our tcsh appears vulnerable. So is the 44bsd-csh port. Yep, stupid braindead $*&^*# shells... Kris --Q68bSM7Ycu6FN28Q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+BNEACgkQWry0BWjoQKW1SgCgz4By//sJRekH1EkqftDHgjKO EOgAoLcHm3myVNUzGDhYA0f9FtzipQu7 =oh/7 -----END PGP SIGNATURE----- --Q68bSM7Ycu6FN28Q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message