Xref: utzoo news.admin:4091 news.sysadmin:1700 comp.mail.uucp:2369
Path: utzoo!attcan!uunet!husc6!bloom-beacon!mit-eddie!uw-beaver!ssc-vax!cxsea!blm
From: blm@cxsea.UUCP (Brian Matthews)
Newsgroups: news.admin,news.sysadmin,comp.mail.uucp
Subject: Re: Dangerous hole in Usenet!
Message-ID: <2572@cxsea.UUCP>
Date: 27 Nov 88 18:23:31 GMT
References: <1227@vsi1.UUCP> <117@hudson.Morgan.COM> <800@mailrus.cc.umich.edu> <4833@bsu-cs.UUCP> <1961@van-bc.UUCP> <151@ecicrl.UUCP> <1552@nud.UUCP>
Reply-To: blm@cxsea.UUCP (Brian Matthews)
Organization: Computer X Inc.
Lines: 19

Dale Farnsworth (df@nud.UUCP) writes:
|#! /bin/sh
|cd $MAPDIR
[...]
|    read CAT IN TERMINATOR OUT FILENAME
|    if [ "$CAT" != cat -o "$IN" != '<<' -o "$TERMINATOR" != \'SHAR_EOF\' -o "$OUT" != '>' ]
|    then
[...]
|    else
|        cat >./$FILENAME

What if filename is ../../../../../../../../../etc/passwd, or
../../../../../../../../../../usr/lib/news/active, or ...

Whoops.

-- 
Brian L. Matthews  blm@cxsea.UUCP  ...{mnetor,uw-beaver!ssc-vax}!cxsea!blm
+1 206 251 6811    Computer X Inc. - a division of Motorola New Enterprises
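
An added example, not part of the original post or of the quoted script: one way to check the FILENAME field before the "cat >./$FILENAME" step, so that a name with path components never reaches the redirect. The function names safe_map_name and unpack_member are hypothetical, the sample names are constructed, and the symlink check goes slightly beyond the case raised in the post.

```shell
#!/bin/sh
# Added example: validate the FILENAME field of an untrusted shar header
# before writing anything under the map directory.

# safe_map_name NAME: status 0 if NAME is a plain file name, 1 otherwise.
safe_map_name() {
    case "$1" in
        '')                return 1 ;;  # empty field
        */*)               return 1 ;;  # any path component: ../x, /etc/passwd, a/b
        .*|-*)             return 1 ;;  # ".", "..", dotfiles, option-like names
        *[!A-Za-z0-9._-]*) return 1 ;;  # anything outside a conservative set
    esac
    return 0
}

# unpack_member DIR NAME: copy stdin to DIR/NAME only if NAME passes the
# check and DIR/NAME is not a symlink that could redirect the write.
# The symlink test is check-then-write, so DIR must not be writable by
# anyone else while unpacking runs.
unpack_member() {
    dir=$1; name=$2
    if ! safe_map_name "$name"; then
        echo "rejected name: $name" >&2
        return 1
    fi
    if [ -L "$dir/$name" ]; then
        echo "rejected symlink: $name" >&2
        return 1
    fi
    cat >"$dir/$name"
}

# Constructed sample names: ordinary map-style names plus the shapes
# the post warns about.
for n in u.usa.wa.1 README ../../../etc/passwd /usr/lib/news/active .. 'a b'
do
    if safe_map_name "$n"; then
        echo "accept  $n"
    else
        echo "reject  $n"
    fi
done
```

Rejecting on an allow-list of characters, rather than stripping "../" sequences, avoids having to reason about every way a path can be spelled.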