Date: Mon, 30 Oct 2000 17:32:58 -0800 From: Kris Kennaway <kris@FreeBSD.ORG> To: James Wyatt <jwyatt@rwsystems.net> Cc: Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-security@FreeBSD.ORG Subject: Re: tcsh: unsafe tempfile in << redirects (fwd) Message-ID: <20001030173258.B15245@citusc17.usc.edu> In-Reply-To: <Pine.BSF.4.10.10010301845450.60655-100000@bsdie.rwsystems.net>; from jwyatt@rwsystems.net on Mon, Oct 30, 2000 at 06:59:12PM -0600 References: <20001030153129.A15198@citusc17.usc.edu> <Pine.BSF.4.10.10010301845450.60655-100000@bsdie.rwsystems.net>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Mon, Oct 30, 2000 at 06:59:12PM -0600, James Wyatt wrote: > On Mon, 30 Oct 2000, Kris Kennaway wrote: > > On Mon, Oct 30, 2000 at 01:26:41PM -0800, Cy Schubert - ITSD Open Systems Group wrote: > > > Our tcsh appears vulnerable. So is the 44bsd-csh port. > > > > Yep, stupid braindead $*&^*# shells... > > Was that comment *really* necessary? I use bash myself, but have enough > users using tcsh (and ksh, etc) that I care about them too. Of course, > some folks consider Emacs their shell... Most are just glad to have > something besides command.com to work with. (^_^) I don't care about features of the shell, I care about braindead coding practises like thinking you don't have to worry that your filename is predictable and is created insecurely. Kris [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjn+IUkACgkQWry0BWjoQKXV0wCfSkQOwkVGL7VxdvyvkwsWJyKB 4rUAoO2FRCoib0lE+VxCTJOXdIM7830r =lTWz -----END PGP SIGNATURE-----help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001030173258.B15245>