From owner-freebsd-security Thu Sep 10 11:14:55 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id LAA21571 for freebsd-security-outgoing; Thu, 10 Sep 1998 11:14:55 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from dt053nb4.san.rr.com (dt053nb4.san.rr.com [204.210.34.180]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA21566 for ; Thu, 10 Sep 1998 11:14:53 -0700 (PDT) (envelope-from Studded@dal.net)
Received: from dal.net (Studded@localhost [127.0.0.1]) by dt053nb4.san.rr.com (8.8.8/8.8.8) with ESMTP id LAA22364; Thu, 10 Sep 1998 11:14:29 -0700 (PDT) (envelope-from Studded@dal.net)
Message-ID: <35F81705.A5B83D3B@dal.net>
Date: Thu, 10 Sep 1998 11:14:29 -0700
From: Studded
Organization: Triborough Bridge & Tunnel Authority
X-Mailer: Mozilla 4.06 [en] (X11; I; FreeBSD 2.2.7-STABLE-0905 i386)
MIME-Version: 1.0
To: Mikael Karpberg
CC: Jay Tribick , freebsd-security@FreeBSD.ORG
Subject: Re: Err.. cat exploit.. (!)
References: <199809101618.SAA10499@ocean.campus.luth.se>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Mikael Karpberg wrote:
>
> According to Jay Tribick:
> > bofh$ cat sendmail.st
> > `ay5habf33*`ma}`)`Jj]: Jsu-2.01$ xtermxterm
> > su: xtermxterm: command not found
> > bofh$
> >
> > This seems quite scary to me, couldn't someone embed 'rm -rf /'
> > within a text file and then, if root cats the file it nukes
> > their system?
>
> I'm not completely clear on what that is, but I've seen it also. What I
> _am_ completely clear about is that it's got nothing to do with cat, and
> instead everything to do with xterm.

No no, you've missed an important point here. You shouldn't use cat routinely to view files, you should use less or more. This will help to avoid problems like this. By default less won't even open binary files.

Doug
--
*** Chief Operations Officer, DALnet IRC network ***

"Yes, the president should resign. He has lied to the American people, time and time again, and betrayed their trust. He is no longer an effective leader. Since he has admitted guilt, there is no reason to put the American people through an impeachment. He will serve absolutely no purpose in finishing out his term; the only possible solution is for the president to save some dignity and resign." - William Jefferson Clinton, 1974
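
The advice in the reply above, sketched as a small shell wrapper; this is an added example, not part of the original message. It counts control bytes in a file and, when any are present, shows the file through `cat -v` so the terminal displays them instead of acting on them. The names `ctrl_count`, `safe_cat` and `demo` and the sample bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread); names and sample bytes are constructed.

# ctrl_count FILE: print how many bytes in FILE are C0 control characters
# (other than tab and newline) or DEL, i.e. bytes a terminal may act on
# rather than display. Bytes >= 0x80 are not counted so that UTF-8 text
# passes; that is a simplification of this example.
ctrl_count() {
    LC_ALL=C tr -cd '\000-\010\013-\037\177' < "$1" | wc -c | tr -d ' '
}

# safe_cat FILE: print FILE raw only when it has no such bytes. Otherwise
# print it through `cat -v`, which renders control bytes in caret notation
# (ESC becomes ^[, ENQ becomes ^E) so the terminal never interprets them.
safe_cat() {
    n=$(ctrl_count "$1")
    if [ "$n" -eq 0 ]; then
        cat -- "$1"
    else
        echo "safe_cat: $1: $n control byte(s), shown in caret notation" >&2
        cat -v -- "$1"
    fi
}

# Demo on a constructed sample: text containing an ESC sequence and an ENQ byte.
demo() {
    f=$(mktemp) || return 1
    printf 'abc\033[1mdef\005\n' > "$f"
    safe_cat "$f"
    rm -f "$f"
}

demo
```
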