On 18/07/2015 07:40, Philip Guenther wrote:
You have in mind a place where this would be used? Where are there
bugs that this would resolve?
Hi Philip,
I originally thought it was meant to be a performance thing in busy
environments but that's because I'd misinterpreted things due to
The place to solve this is in whatever is using cat for this purpose.
check for the file type before blindly cat'ing.
this solution is like soaking your clothing with antiseptic every
morning because you are prone to stabbing yourself.
On Sun, Jul 19, 2015 at 8:26 AM, Ted Unangst
Hi Philip,
Philip Guenther wrote on Sun, Jul 19, 2015 at 11:19:53AM -0700:
On Sun, Jul 19, 2015 at 11:04 AM, Ingo Schwarze schwa...@usta.de wrote:
Philip Guenther wrote on Sun, Jul 19, 2015 at 10:28:57AM -0700:
On Sun, Jul 19, 2015 at 10:24 AM, Ingo Schwarze schwa...@usta.de wrote:
I don't
On Sun, Jul 19, 2015 at 10:24 AM, Ingo Schwarze schwa...@usta.de wrote:
...
I don't think we are vulnerable.
If my analysis is accurate, the only user-controlled files
we open in security(8) are ~/.rhosts and ~/.shosts
in check_rhosts_content(). However, there is
next unless -s
Hi Philip,
Philip Guenther wrote on Sun, Jul 19, 2015 at 10:28:57AM -0700:
On Sun, Jul 19, 2015 at 10:24 AM, Ingo Schwarze schwa...@usta.de wrote:
I don't think we are vulnerable.
If my analysis is accurate, the only user-controlled files
we open in security(8) are ~/.rhosts and ~/.shosts
On 19/07/2015 16:13, Ted Unangst wrote:
I could maybe be convinced. However, fopen is the C standard stdio function.
One reason you may be using stdio is because you want portability, so
adding nonportable extensions to it seems counterproductive.
Understood, I'll leave it as it's not
On Sun, Jul 19, 2015 at 11:04 AM, Ingo Schwarze schwa...@usta.de wrote:
Philip Guenther wrote on Sun, Jul 19, 2015 at 10:28:57AM -0700:
On Sun, Jul 19, 2015 at 10:24 AM, Ingo Schwarze schwa...@usta.de wrote:
I don't think we are vulnerable.
If my analysis is accurate, the only
Sevan Janiyan wrote:
The feature was actually added to ensure whatever cat was meant to be
reading from was indeed a plain file and not another which could block a
process.
Use cat -f to avoid denial of service attacks by people who make
.rhosts files fifos.
Sevan Janiyan wrote:
On 19/07/2015 15:35, Bob Beck wrote:
The place to solve this is in whatever is using cat for this purpose.
check for the file type before blindly cat'ing.
Understood both your and Ted's explanation regarding cat.
Just so it's crisp clear, ignoring cat(1), having such
Hi,
Ted Unangst wrote on Sun, Jul 19, 2015 at 10:26:19AM -0400:
Sevan Janiyan wrote:
The feature was actually added to ensure whatever cat was meant
to be reading from was indeed a plain file and not another
which could block a process.
Use cat -f to avoid denial of service attacks by
On Fri, Jul 17, 2015 at 8:07 PM, Sevan Janiyan ventur...@geeklan.co.uk wrote:
Attached is a patch to add the -f flag to cat(1).
-f ensures that cat is opening a regular file in non-blocking mode,
aborts otherwise.
Obtained from NetBSD src/bin/cat/cat.c r1.22 r1.34
You have in mind a place
Hi,
Attached is a patch to add the -f flag to cat(1).
-f ensures that cat is opening a regular file in non-blocking mode,
aborts otherwise.
Obtained from NetBSD src/bin/cat/cat.c r1.22 r1.34
Sevan Janiyan
From NetBSD
cat.c r1.22, r1.34
cat.1 r1.18, r1.25
Index: bin/cat/cat.c
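
The check argued over in this thread (open without blocking, then refuse anything that is not a regular file), done in the caller as Bob Beck suggests. This is an added example, not code from the NetBSD or OpenBSD sources or from any poster; open_regular(), demo(), the EINVAL error value and the temp file names are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns a read-only fd, or -1 with errno set. */
int open_regular(const char *path)
{
    struct stat sb;
    /* O_NONBLOCK: a FIFO with no writer opens at once instead of hanging. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd == -1)
        return -1;
    /* fstat() the fd, not the path, so the file cannot be swapped after the check. */
    if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode)) {
        close(fd);
        errno = EINVAL;   /* assumption: EINVAL chosen as a portable error value */
        return -1;
    }
    return fd;
}

/* Constructed test data: one plain file and one FIFO in a fresh temp dir.
 * Returns 0 when the plain file opens and the FIFO is refused. */
int demo(void)
{
    char dir[] = "/tmp/regcheck.XXXXXX", plain[64], fifo[64];
    int fd, ok;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(plain, sizeof plain, "%s/rhosts.plain", dir);
    snprintf(fifo, sizeof fifo, "%s/rhosts.fifo", dir);
    fd = open(plain, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 || mkfifo(fifo, 0600) == -1)
        return -1;
    close(fd);
    fd = open_regular(plain);
    ok = (fd != -1);
    if (fd != -1)
        close(fd);
    ok = ok && open_regular(fifo) == -1 && errno == EINVAL;
    unlink(plain); unlink(fifo); rmdir(dir);
    return ok ? 0 : 1;
}

int main(void) { return demo(); }
```

A stat() on the path followed by a separate open() would leave a window in which a user can replace the file with a FIFO, which is why the type check is made on the open descriptor.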