From owner-freebsd-security  Sun Sep 13 05:37:43 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id FAA27107
          for freebsd-security-outgoing; Sun, 13 Sep 1998 05:37:43 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from tim.xenologics.com (tim.xenologics.com [194.77.5.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA27101
          for <freebsd-security@FreeBSD.org>; Sun, 13 Sep 1998 05:37:39 -0700 (PDT)
          (envelope-from seggers@semyam.dinoco.de)
Received: (from uucp@localhost)
	by tim.xenologics.com (8.8.5/8.8.8) with UUCP id OAA16716;
	Sun, 13 Sep 1998 14:36:34 +0200 (MET DST)
Received: from semyam.dinoco.de (semyam.dinoco.de [127.0.0.1])
	by semyam.dinoco.de (8.9.1/8.8.8) with ESMTP id OAA12240;
	Sun, 13 Sep 1998 14:34:00 +0200 (CEST)
	(envelope-from seggers@semyam.dinoco.de)
Message-Id: <199809131234.OAA12240@semyam.dinoco.de>
To: Mark Murray <mark@grondar.za>
Cc: freebsd-security@FreeBSD.ORG, seggers@semyam.dinoco.de
Subject: Re: Err.. cat exploit.. (!) 
In-reply-to: Your message of "Sun, 13 Sep 1998 12:56:16 +0200."
             <199809131056.MAA15702@gratis.grondar.za> 
Date: Sun, 13 Sep 1998 14:33:58 +0200
From: Stefan Eggers <seggers@semyam.dinoco.de>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> > As I understand it these actions are meant for use in X resources to

> You misunderstand the terminal model.

No, it was specifically about xterm's action string() as was visible
by reading the text I quoted.  My intention was to explain why this
specific thing isn't harmful if used propperly, i.e. only oneself has
access to the X server when logged in.

> Can we put this to sleep now?

For a generic terminal it was at sleep for me already as I know about
the problem for at least a decade.

I just didn't see anybody saying a word about xterm's action string()
and as I know that these things can sometimes be hard to understand I
just wanted to give some help for those trying.

Stefan.
-- 
Stefan Eggers                 Lu4 yao2 zhi1 ma3 li4,
Max-Slevogt-Str. 1            ri4 jiu3 jian4 ren2 xin1.
51109 Koeln
Federal Republic of Germany


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message