unshar business
clewis at ecicrl.UUCP
Thu Dec 15 12:38:20 AEST 1988
In article <395 at eda.com> jim at eda.com (Jim Budler) writes:
>In article <7876 at well.UUCP> Jef Poskanzer <jef at rtsg.ee.lbl.gov> writes:
>| Well, I have looked at Cathy's program, all 93 lines of it, and unless
>| I'm reading it wrong she wasn't paying much attention either.....
>|
>| Do you see anything in there to prevent "../../../../etc/passwd"? I sure
>| don't.
>Oh!!! You unpack your maps as root! Gasp! <--- sarcasm 8^)
>I unpack my maps as 'news'.
>Currently the damage is limited to the news hierarchy, plus the news library.
>I may modify the source to disallow any '/'.
How about placing the following into "../../../rnews"?
for i in /bin/*
do
od $i | mail root
done
I'd say that was a little more than limited to the news hierarchy. If you're
gonna do this right, you gotta be really paranoid.
>| By the way, uns.c uses a fixed size buffer, only 256 characters long.
>| I have right here in my home directory a shar file with a 288 character
>| line.
>It was I believe, designed to unpack maps, not general shar files.
Gee, it wouldn't be using gets would it? ;->
Come on guys - if this were war, you'd be trashed already. Half measures
are usually worse than none at all - being lulled by a false sense of
security.
--
Chris Lewis, Markham, Ontario, Canada
{uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis
Ferret Mailing list: ...!lsuc!gate!eci386!ferret-request
(or lsuc!gate!eci386!clewis or lsuc!clewis)
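Added example, not code from this thread and not the uns.c or Cathy's program being discussed: the two fixes the posters are arguing about, in C, as a defender would write them. safe_shar_name() refuses any file name containing '/' (Jim's "disallow any '/'" rule, which also stops "../../../rnews" and "../../../../etc/passwd"), and read_line_bounded() replaces gets() with a bounded read that reports an over-long line instead of silently splitting it into two. The "cat > NAME" header syntax and the 256-byte buffer are assumptions for illustration; the archive contents in demo_counts() are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

#define LINE_MAX_BYTES 256   /* same fixed size the thread complains about */

/* Accept only names that cannot leave the unpack directory: no '/', no
   "." or "..", nothing longer than the buffer, no control characters. */
bool safe_shar_name(const char *name, size_t maxlen) {
    size_t n = strlen(name);
    if (n == 0 || n >= maxlen) return false;
    if (strchr(name, '/') != NULL) return false;      /* rejects "../x" and "/etc/x" */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return false;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f) return false;
    }
    return true;
}

/* gets(3) replacement. Returns 1 for a complete line (newline stripped),
   0 at EOF with nothing read, -1 when the line did not fit: the stored
   prefix is NUL-terminated and the remainder of the line is discarded, so
   a 288-character line can never be mistaken for two shorter ones. */
int read_line_bounded(FILE *fp, char *buf, size_t bufsize) {
    if (fgets(buf, (int)bufsize, fp) == NULL) return 0;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return 1;
    }
    int c = fgetc(fp);
    if (c == EOF || c == '\n') return 1;   /* line ended exactly at the buffer edge */
    while (c != '\n' && c != EOF) c = fgetc(fp);
    return -1;
}

/* Walk a shar-like stream. Each line beginning with "cat > " (assumed,
   simplified header syntax) names a file to create. Returns the number of
   names accepted; *rejected and *overlong count refused names and lines
   that did not fit. Nothing is written to disk here. */
int scan_shar(FILE *fp, int *rejected, int *overlong) {
    char line[LINE_MAX_BYTES];
    int accepted = 0, rc;
    *rejected = 0;
    *overlong = 0;
    while ((rc = read_line_bounded(fp, line, sizeof line)) != 0) {
        if (rc < 0) { (*overlong)++; continue; }   /* never act on a truncated line */
        if (strncmp(line, "cat > ", 6) != 0) continue;
        if (safe_shar_name(line + 6, sizeof line)) accepted++;
        else (*rejected)++;
    }
    return accepted;
}

/* Constructed archive: one honest map file, the two escapes from the
   thread, and one header line far longer than the buffer. */
int demo_counts(int *rejected, int *overlong) {
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs("#!/bin/sh\n", fp);
    fputs("cat > map.ca\n", fp);
    fputs("cat > ../../../rnews\n", fp);
    fputs("cat > ../../../../etc/passwd\n", fp);
    fputs("cat > ", fp);
    for (int i = 0; i < 300; i++) fputc('B', fp);
    fputs("\nexit 0\n", fp);
    rewind(fp);
    int accepted = scan_shar(fp, rejected, overlong);
    fclose(fp);
    return accepted;
}

int main(void) {
    int rejected, overlong;
    int accepted = demo_counts(&rejected, &overlong);
    printf("accepted %d, rejected %d, over-long lines %d\n",
           accepted, rejected, overlong);
    return 0;
}
```

On the constructed input only map.ca survives; both traversal names are refused and the 300-character header is reported rather than parsed as two lines. Running the unpacker as 'news' limits the blast radius but does nothing about either bug; the name check and the bounded read are what actually close them.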