Great Circle Associates Firewalls
(March 1994)
 


Subject: Re: Mosaic and ANS Interlock
From: gml4410 @ ggr . co . uk
Date: Wed, 30 Mar 1994 11:50:14 +0100
To: comp-infosystems-www @ cs . utexas . edu, firewalls @ GreatCircle . COM
Cc: ebina @ ncsa . uiuc . edu

> When this gets dereferenced, Mosaic executes the following command:
> 
>    system("xterm -e telnet x ; rm -rf *");

     This could be looked upon as "lazy" programming, which can often
lead to security problems.  If the code actually did something like:

  if (fork() == 0)   /* child process: exec directly, no shell parses the string */
      execlp("xterm", "xterm", "-e", "telnet", "<user-args>", (char *)NULL);

then the <user-args> are passed as a single argument and telnet would
gripe that "x ; rm -rf *" is an unknown host.


----------- Gordon Lack ----------------- gml4410 @ ggr . co . uk ------------
The contents of this message *may* reflect my personal opinion.  They are
*not* intended to reflect those of my employer, or anyone else.
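
Added example (not part of the original message, and not Mosaic's code): the same host string sent through a shell-parsed command line and through fork plus execlp, with the output captured for comparison. Assumptions: printf stands in for xterm/telnet so nothing interactive is launched, the host string is constructed with a harmless echo, and the names via_shell and via_exec are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Shell path: the whole string is parsed by /bin/sh, as with system(). */
int via_shell(const char *host, char *out, size_t n)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "printf '[%%s]' %s", host);
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    size_t got = fread(out, 1, n - 1, p);
    out[got] = '\0';
    return pclose(p);
}

/* argv path: fork, exec in the child; host is exactly one argv element. */
int via_exec(const char *host, char *out, size_t n)
{
    int fd[2], st = -1;
    size_t len = 0; ssize_t r;
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execlp("printf", "printf", "[%s]", host, (char *)NULL);
        _exit(127);                       /* reached only if exec failed */
    }
    close(fd[1]);                         /* parent: read child's stdout */
    while (len < n - 1 && (r = read(fd[0], out + len, n - 1 - len)) > 0)
        len += (size_t)r;
    out[len] = '\0';
    close(fd[0]);
    waitpid(pid, &st, 0);
    return st;
}

int main(void)
{
    const char *host = "x ; echo INJECTED";   /* constructed sample input */
    char a[128], b[128];
    via_shell(host, a, sizeof a);
    via_exec(host, b, sizeof b);
    printf("shell: %s\nexec:  %s\n", a, b);
    return 0;
}
```

In the shell path the text after the semicolon runs as a second command; in the exec path the whole string arrives as one argument, which is why telnet would report it as an unknown host.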
