Xref: utzoo comp.unix.wizards:13444 news.admin:4290 news.sysadmin:1942
Path: utzoo!mnetor!motto!ecijmm!ecicrl!clewis
From: clewis@ecicrl.UUCP
Newsgroups: comp.unix.wizards,news.admin,news.sysadmin
Subject: Re: unshar business
Message-ID: <164@ecicrl.UUCP>
Date: 15 Dec 88 02:38:20 GMT
References: <232@logicon.arpa> <7876@well.UUCP> <395@eda.com>
Reply-To: clewis@ecicrl.UUCP (Chris Lewis)
Organization: Elegant Communications Inc. (CRL Division)
Lines: 41

In article <395@eda.com> jim@eda.com (Jim Budler) writes:
>In article <7876@well.UUCP> Jef Poskanzer writes:
>| Well, I have looked at Cathy's program, all 93 lines of it, and unless
>| I'm reading it wrong she wasn't paying much attention either.....
>|
>| Do you see anything in there to prevent "../../../../etc/passwd"? I sure
>| don't.

>Oh!!! You unpack your maps as root! Gasp! <--- sarcasm 8^)

>I unpack my maps as 'news'.

>Currently the damage is limited to the news hierarchy, plus the news library.

>I may modify the source to disallow any '/'.

How about placing the following into "../../../rnews"?

	for i in /bin/*
	do
		od $i | mail root
	done

I'd say that was a little more than limited to the news hierarchy.
If you're gonna do this right, you gotta be really paranoid.

>| By the way, uns.c uses a fixed size buffer, only 256 characters long.
>| I have right here in my home directory a shar file with a 288 character
>| line.

>It was, I believe, designed to unpack maps, not general shar files.

Gee, it wouldn't be using gets would it? ;->

Come on guys - if this were war, you'd be trashed already.  Half measures
are usually worse than none at all - being lulled by a false sense of
security.
-- 
Chris Lewis, Markham, Ontario, Canada
{uunet!attcan,utgpu,yunexus,utzoo}!lsuc!ecicrl!clewis
Ferret Mailing list: ...!lsuc!gate!eci386!ferret-request
(or lsuc!gate!eci386!clewis or lsuc!clewis)
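The two defects the thread argues about are the ones an unpacker of untrusted shar or map files has to close: a destination name that escapes the unpack directory (the "../../../../etc/passwd" and "../../../rnews" cases), and a fixed 256-character line buffer filled by gets, which a 288-character line overruns. The following C is an added example written for this thread; it is not uns.c, not Cathy's program, and not code from any poster. The function names (safe_unpack_name, read_bounded_line, count_overlong_lines, sample_with_long_line), the LINE_MAX_LEN value of 256 (taken from the size quoted in the thread) and the sample input are all assumptions constructed for the illustration.

```c
/* Added example for the unshar thread: a destination-name filter and a
 * bounded line reader. Not taken from uns.c or any poster's code; all
 * names and the sample input below are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define LINE_MAX_LEN 256   /* the buffer size quoted in the thread */

/* Return 1 if 'name' is acceptable as a file to create under the unpack
 * directory: non-empty, not absolute, every '/'-separated component is
 * non-empty and neither "." nor "..", and no control characters. With
 * allow_subdirs == 0 any '/' at all is rejected (the "disallow any '/'"
 * rule discussed in the thread); with allow_subdirs == 1 relative
 * subdirectories are allowed but traversal still is not. */
int safe_unpack_name(const char *name, int allow_subdirs) {
    const char *p = name;
    if (name == NULL || *name == '\0') return 0;
    if (name[0] == '/') return 0;                 /* absolute path */
    for (;;) {
        const char *slash = strchr(p, '/');
        size_t len = slash ? (size_t)(slash - p) : strlen(p);
        size_t i;
        if (len == 0) return 0;                   /* "//" or trailing "/" */
        if (len == 1 && p[0] == '.') return 0;    /* "." component */
        if (len == 2 && p[0] == '.' && p[1] == '.') return 0; /* ".." component */
        for (i = 0; i < len; i++) {
            unsigned char c = (unsigned char)p[i];
            if (c < 0x20 || c == 0x7f) return 0;  /* control characters */
        }
        if (!slash) return 1;
        if (!allow_subdirs) return 0;
        p = slash + 1;
    }
}

/* Read one line into buf (size bufsz) with fgets instead of gets.
 * Returns 1 for a complete line, 0 at EOF with nothing read, and -1 if
 * the line did not fit; in that case the rest of the line is drained so
 * the caller can reject the input instead of processing a truncated
 * line as if it were complete. The newline is stripped. */
int read_bounded_line(FILE *fp, char *buf, size_t bufsz) {
    size_t n;
    int c;
    if (fgets(buf, (int)bufsz, fp) == NULL) return 0;
    n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') { buf[n - 1] = '\0'; return 1; }
    /* No newline in the buffer: the buffer is exactly full, the final
     * line lacks a newline, or the line is longer than the buffer. */
    c = fgetc(fp);
    if (c == EOF || c == '\n') return 1;
    while (c != '\n' && c != EOF) c = fgetc(fp);  /* discard the remainder */
    return -1;
}

/* Feed constructed text through read_bounded_line() via a temporary file.
 * Returns the number of lines that did not fit a LINE_MAX_LEN buffer
 * (or -1 if no temp file could be created); total lines via lines_out. */
int count_overlong_lines(const char *text, int *lines_out) {
    char buf[LINE_MAX_LEN];
    int overlong = 0, lines = 0, rc;
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs(text, fp);
    rewind(fp);
    while ((rc = read_bounded_line(fp, buf, sizeof buf)) != 0) {
        lines++;
        if (rc < 0) overlong++;
    }
    fclose(fp);
    if (lines_out) *lines_out = lines;
    return overlong;
}

/* Constructed sample: a short line, a 288-character line (the length
 * quoted in the thread), and a trailing line. */
const char *sample_with_long_line(void) {
    static char sample[400];
    size_t i;
    strcpy(sample, "echo x > maps/u.usa\n");
    for (i = 0; i < 288; i++) strcat(sample, "A");
    strcat(sample, "\nexit 0\n");
    return sample;
}

int main(void) {
    int lines = 0;
    int bad = count_overlong_lines(sample_with_long_line(), &lines);
    printf("etc/passwd traversal accepted: %d\n",
           safe_unpack_name("../../../../etc/passwd", 1));
    printf("maps/u.usa accepted: %d\n", safe_unpack_name("maps/u.usa", 1));
    printf("%d of %d lines too long for %d bytes\n", bad, lines, LINE_MAX_LEN);
    return 0;
}
```

The filter checks components rather than searching for the substring "..", so a legitimate name such as "a..b" is still accepted while "maps/../rnews" is not; the reader reports an over-length line instead of either overflowing (gets) or silently splitting it into two lines (a naive fgets loop), which is the behaviour an unpacker needs before it decides what to do with the data.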