Re: [Full-Disclosure] FAT32 input > output = null?

From: jamie (jamie_at_arpa.com)
Date: 04/08/04

  • Next message: Aditya, ALD [Aditya Lalit Deshmukh]: "RE: [Full-Disclosure] FAT32 input > output = null?"
    To: Chris Palmer <chris@eff.org>
    Date: Thu, 8 Apr 2004 10:56:39 -0500
    
    

    I read m.wood's post, and had to go read the OP.

    This is a serious vulnerability.

    The type as referenced Microsoft #id-10T et al, Pebkac edition.

    The other day, I was at the post office.. My postal person left a
    notice for me to pick up a package.

    Big, long, slow moving line.. and this Certain Ethnic woman was on her
    cell phone.. talking at the top of her vocal volume, like she was on a
    tin can and string about 100 miles long, really annoying everyone in
    line.

    This lady in front of me finally piped up "Will you be quiet? Take that
    outside."

    The CE woman gave this "pissoff" look to the lady in front of me, and
    kept talking.

    The lady dismissed the CE woman, and turned around to comment to
    me.

    "Some people are just too stupid to yell at or explain why they're
    idiots," she said.

    I agree.

    On 7 Apr 2004, at 18:19, Chris Palmer wrote:

    > chris writes:
    >
    >> This also works with the 2.4.24 Linux kernel (Slackware 9.1):
    >
    > It's the shell, not the kernel. When you say "./foo > ./foo", the shell
    > interprets "> ./foo" FIRST and does something like
    > open("foo", O_TRUNC | O_CREAT).
    >
    > Take a look at any Unix shell document and the open(2) man page -- this
    > is old, known, documented behavior. It may violate the principle of
    > least surprise, but it's not a vulnerability in the proper sense.
    >
    >
    > --
    > Chris Palmer
    > Staff Technologist, Electronic Frontier Foundation
    > 415 436 9333 x124 (desk), 415 305 5842 (cell)
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
      

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
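The redirection order described in the quoted reply, as an added example that is not part of the original thread: the shell truncates the target before the command runs, and two common ways to avoid losing the input are shown beside it. The function names, the `foo` file and its contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name and file content here is constructed.

# Print the size of a file in bytes.
size_of() { wc -c < "$1" | tr -d ' '; }

# Redirect onto the input file: the shell opens the target with O_TRUNC
# before sort starts, so sort reads an already-empty file.
truncating_rewrite() {
    dir=$(mktemp -d) || return 1
    printf 'b\na\n' > "$dir/foo"
    sort "$dir/foo" > "$dir/foo" || true
    size_of "$dir/foo"
    rm -rf "$dir"
}

# Write to a temporary file in the same directory, then rename it over
# the original only if the command succeeded.
safe_rewrite() {
    dir=$(mktemp -d) || return 1
    printf 'b\na\n' > "$dir/foo"
    tmp=$(mktemp "$dir/foo.XXXXXX") || return 1
    sort "$dir/foo" > "$tmp" && mv "$tmp" "$dir/foo"
    cat "$dir/foo"
    rm -rf "$dir"
}

# With noclobber (set -C) the shell refuses to open an existing file
# with ">", so the command never runs and the data survives.
noclobber_rewrite() {
    dir=$(mktemp -d) || return 1
    printf 'line one\nline two\n' > "$dir/foo"
    if ( set -C; sort "$dir/foo" > "$dir/foo" ) 2>/dev/null; then
        outcome=overwritten
    else
        outcome=refused
    fi
    echo "$outcome $(size_of "$dir/foo")"
    rm -rf "$dir"
}

echo "redirect onto input: $(truncating_rewrite) bytes left"
echo "temp file + mv:      $(safe_rewrite | tr '\n' ' ')"
echo "with noclobber:      $(noclobber_rewrite)"
```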

