Re: /#sh:user host file names with "%" bug

From: Oswald Buddenhagen <ossi kde org>
To: mc-devel gnome org
Subject: Re: /#sh:user host file names with "%" bug
Date: Sat, 16 Jan 2010 00:41:00 +0100

On Fri, Jan 15, 2010 at 08:32:01PM +0100, Janek Kozicki wrote:
> 1. create files named 
>      efekt_skali__0.15%.png
>      efekt_skali__1.5%.png
> 
> 2. log in remotely to that host using /#sh:user host
> 
> 3. observe wrong file names:
>       efekt_skali__0.1593cf4fcng
>       efekt_skali__1.593cf4fcng
> 
> pretty weird, huh?
> 
it's not just weird, it is a potentially exploitable security hole.

Follow-Ups:
- Re: /#sh:user host file names with "%" bug
  - From: Pavel Machek

References:
- /#sh:user host file names with "%" bug
  - From: Janek Kozicki

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]