On Sat 2010-01-16 00:41:00, Oswald Buddenhagen wrote:
> On Fri, Jan 15, 2010 at 08:32:01PM +0100, Janek Kozicki wrote:
> > 1. create files named
> >    efekt_skali__0.15%.png
> >    efekt_skali__1.5%.png
> >
> > 2. log in remotely to that host using /#sh:u...@host
> >
> > 3. observe wrong file names:
> >    efekt_skali__0.1593cf4fcng
> >    efekt_skali__1.593cf4fcng
> >
> > pretty weird, huh?
> >
> it's not just weird, it is a potentially exploitable security hole.

Well, /#sh is just a weird hack, and probably contains many similar problems. It should be documented that it is not safe to connect to untrusted hosts. (Plus it should be fixed, of course).

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html