Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!apple!voder!pyramid!ncc!alberta!edm!rroot
From: rroot@edm.UUCP (Stephen Samuel)
Newsgroups: news.admin
Subject: Re: Dangerous hole in Usenet!
Message-ID: <4879@edm.UUCP>
Date: 8 Dec 88 04:02:24 GMT
References: <993@paris.ics.uci.edu>
Organization: Unexsys Systems Inc., Edmonton,AB.
Lines: 15

From article <993@paris.ics.uci.edu>, by nagel@bonnie.ics.uci.edu (Mark Nagel):
> In article <1988Nov27.162018.22115@ateng.ateng.com>, chip@ateng (Chip Salzenberg) writes:
> |halt to all shell scripts that make references to absolute pathnames.
> Except the example I recently saw in another group:
> ../../../../../../etc/passwd (you get the idea).
  
  OK, so you look for references to .. as well.
  (then again, of course, you have to look for things like symbolic links
to .., and then programs that chmod a file and then execute it and then...
  (any more holes to plug???)

-- 
-------------
Stephen Samuel 	  (userzxcv@ualtamts.bitnet   or  alberta!edm!steve)
(Only in Canada, you say??.... Pity!)