Path: utzoo!utgpu!watmath!clyde!att!ucbvax!ucsd!orion.cf.uci.edu!paris.ics.uci.edu!nagel
From: nagel@bonnie.ics.uci.edu (Mark Nagel)
Newsgroups: news.admin
Subject: Re: Dangerous hole in Usenet!
Message-ID: <993@paris.ics.uci.edu>
Date: 29 Nov 88 00:47:02 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <1988Nov27.162018.22115@ateng.ateng.com>
Sender: news@paris.ics.uci.edu
Reply-To: nagel@bonnie.ics.uci.edu (Mark Nagel)
Organization: University of California, Irvine - Dept of ICS
Lines: 12
In-reply-to: chip@ateng.ateng.com (Chip Salzenberg)

In article <1988Nov27.162018.22115@ateng.ateng.com>, chip@ateng (Chip Salzenberg) writes:
|
|On the other hand, it wouldn't take much to make it safe -- such as, put a
|halt to all shell scripts that make references to absolute pathnames.

Except the example I recently saw in another group:

../../../../../../etc/passwd (you get the idea).

Mark Nagel
nagel@ics.uci.edu
nagel@ucivax.UUCP