Re: /#sh:user host file names with "%" bug

From: Oswald Buddenhagen <ossi kde org>
To: mc-devel gnome org
Subject: Re: /#sh:user host file names with "%" bug
Date: Mon, 18 Jan 2010 09:24:26 +0100

On Mon, Jan 18, 2010 at 08:15:56AM +0100, Pavel Machek wrote:
> On Sat 2010-01-16 00:41:00, Oswald Buddenhagen wrote:
> > On Fri, Jan 15, 2010 at 08:32:01PM +0100, Janek Kozicki wrote:
> > > 1. create files named 
> > >      efekt_skali__0.15%.png
> > >      efekt_skali__1.5%.png
> > > 
> > > 2. log in remotely to that host using /#sh:user host
> > > 
> > > 3. observe wrong file names:
> > >       efekt_skali__0.1593cf4fcng
> > >       efekt_skali__1.593cf4fcng
> > > 
> > > pretty weird, huh?
> > > 
> > it's not just weird, it is a potentially exploitable security hole.
> 
> Well, /#sh is just a weird hack, and probably contains many similar
> problems.
> 
heh

> It should be documented that it is not safe to connect to untrusted
> hosts.
> 
that's too simplicistic. the host as such may be perfectly trusted. but
an arbitrary user could place such file names in /tmp or some other
location occasionally visited by other mc users.

> (Plus it should be fixed, of course).
> 
soon

Follow-Ups:
- Re: /#sh:user host file names with "%" bug
  - From: Janek Kozicki

References:
- /#sh:user host file names with "%" bug
  - From: Janek Kozicki
- Re: /#sh:user host file names with "%" bug
  - From: Oswald Buddenhagen
- Re: /#sh:user host file names with "%" bug
  - From: Pavel Machek

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]