Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!apple!voder!pyramid!ncc!alberta!edm!rroot From: rroot@edm.UUCP (Stephen Samuel) Newsgroups: news.admin Subject: Re: Dangerous hole in Usenet! Message-ID: <4879@edm.UUCP> Date: 8 Dec 88 04:02:24 GMT References: <993@paris.ics.uci.edu> Organization: Unexsys Systems Inc., Edmonton,AB. Lines: 15 From article <993@paris.ics.uci.edu>, by nagel@bonnie.ics.uci.edu (Mark Nagel): > In article <1988Nov27.162018.22115@ateng.ateng.com>, chip@ateng (Chip Salzenberg) writes: > |halt to all shell scripts that make references to absolute pathnames. > Except the example I recently saw in another group: > ../../../../../../etc/passwd (you get the idea). OK, so you look for references to .. as well. (then again, of course, you have to look for things like symbolic links to .., and then programs that chmod a file and then execute it and then... (any more holes to plug???) -- ------------- Stephen Samuel (userzxcv@ualtamts.bitnet or alberta!edm!steve) (Only in Canada, you say??.... Pity!)