From owner-freebsd-security  Mon Oct 30 17: 1: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from bsdie.rwsystems.net (bsdie.rwsystems.net [209.197.223.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8BCE637B4C5; Mon, 30 Oct 2000 17:01:06 -0800 (PST)
Received: from bsdie.rwsystems.net([209.197.223.2]) (1308 bytes) by bsdie.rwsystems.net
	via sendmail with P:esmtp/R:bind_hosts/T:inet_zone_bind_smtp
	(sender: <jwyatt@rwsystems.net>) 
	id <m13qPlg-000CDvC@bsdie.rwsystems.net>
	for <freebsd-security@FreeBSD.ORG>; Mon, 30 Oct 2000 18:59:12 -0600 (CST)
	(Smail-3.2.0.111 2000-Feb-17 #1 built 2000-Jun-25)
Date: Mon, 30 Oct 2000 18:59:12 -0600 (CST)
From: James Wyatt <jwyatt@rwsystems.net>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>,
	freebsd-security@FreeBSD.ORG
Subject: Re: tcsh: unsafe tempfile in << redirects (fwd)
In-Reply-To: <20001030153129.A15198@citusc17.usc.edu>
Message-ID: <Pine.BSF.4.10.10010301845450.60655-100000@bsdie.rwsystems.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.BSF.4.10.10010301845452.60655@bsdie.rwsystems.net>
Content-Disposition: INLINE
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 30 Oct 2000, Kris Kennaway wrote:
> On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote:
> > Our tcsh appears vulnerable.  So is the 44bsd-csh port.
> 
> Yep, stupid braindead $*&^*# shells...

Was that comment *really* necessary? I use bash myself, but have enough
users using tcsh (and ksh, etc) that I care about them too. Of course,
some folks consider Emacs their shell... Most are just glad to have
something besides command.com to work with. (^_^)

Take care - Jy@



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message