Xref: utzoo news.admin:4091 news.sysadmin:1700 comp.mail.uucp:2369
Path: utzoo!attcan!uunet!husc6!bloom-beacon!mit-eddie!uw-beaver!ssc-vax!cxsea!blm
From: blm@cxsea.UUCP (Brian Matthews)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Message-ID: <2572@cxsea.UUCP>
Date: 27 Nov 88 18:23:31 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <800@mailrus.cc.umich.edu> <4833@bsu-cs.UUCP> <1961@van-bc.UUCP> <151@ecicrl.UUCP> <1552@nud.UUCP>
Reply-To: blm@cxsea.UUCP (Brian Matthews)
Organization: Computer X Inc.
Lines: 19

Dale Farnsworth (df@nud.UUCP) writes:
|#! /bin/sh
|cd $MAPDIR
[...]
|	read CAT IN TERMINATOR OUT FILENAME
|	if [ "$CAT" != cat -o "$IN" != '<<' -o "$TERMINATOR" != \'SHAR_EOF\' -o "$OUT" != '>' ]
|	then
[...]
|	else
|		cat >./$FILENAME

What if filename is ../../../../../../../../../etc/passwd, or
../../../../../../../../../../usr/lib/news/active, or ...

Whoops.

-- 
Brian L. Matthews  blm@cxsea.UUCP   ...{mnetor,uw-beaver!ssc-vax}!cxsea!blm
+1 206 251 6811    Computer X Inc. - a division of Motorola New Enterprises
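
Added example, not part of the original post or of the quoted script: one way to close the hole pointed out above is to take the name from the shar header line only when it is a plain file name, so that `./$FILENAME` cannot leave the map directory. The helper names `is_safe_map_name` and `check_header` and the sample header lines are assumptions constructed for illustration.

```sh
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below byte ranges

# Hypothetical helper: succeed only for a plain file name.
is_safe_map_name() {
    case $1 in
        '' | . | ..)        return 1 ;;  # empty, or a directory reference
        */*)                return 1 ;;  # any slash: no ../ and no absolute path
        .* | -*)            return 1 ;;  # hidden files and option-like names
        *[!A-Za-z0-9._-]*)  return 1 ;;  # anything outside a conservative set
    esac
    return 0
}

# Hypothetical helper: accept exactly  cat << 'SHAR_EOF' > name
# Prints the name and returns 0 only if the shape and the name both pass.
check_header() {
    set -f            # split into words without expanding globs
    set -- $1
    set +f
    [ $# -eq 5 ] || return 1
    [ "$1" = cat ] && [ "$2" = '<<' ] && [ "$3" = "'SHAR_EOF'" ] &&
        [ "$4" = '>' ] || return 1
    is_safe_map_name "$5" || return 1
    printf '%s\n' "$5"
}

# Constructed sample header lines (not taken from a real map posting).
while IFS= read -r line; do
    if name=$(check_header "$line"); then
        echo "accept: $name"
    else
        echo "reject: $line"
    fi
done <<'EOF'
cat << 'SHAR_EOF' > u.usa.wa.1
cat << 'SHAR_EOF' > ../../../../../../../../../etc/passwd
cat << 'SHAR_EOF' > /usr/lib/news/active
cat << 'SHAR_EOF' > .hidden
EOF
```

A name check alone does not cover a symbolic link already sitting in the map directory under an accepted name, so the unpacker should also run as an unprivileged user that can write only there.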