[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kmail-devel
Subject:    aaaaiiiiiiieeeeeeeee dangerous
From:       George Staikos <staikos () 0wned ! org>
Date:       2000-01-31 20:26:43
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----


   I don't know if I misunderstood this, but:

   Today in bugtraq, Michal Zalewski posted a shellscript exploit to redhat
linux as an attachment.  I klicked on it thinking it would display the
script.  To my surprise it tried to *RUN* the script!!!!  This is not good! 
(luckily it failed for some reason).  I don't think the default on
executables should be "run".   I tried to "view" it and it failed to view as
well.  I'm going to hav ea look at this in the latest CVS code but we should
be careful.

- -- 

George Staikos 


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQEVAwUBOJXw6vaardfOEhQRAQFiRQf+LzrqLx9aqMhTZNfmVfaksq1yJ6+lIWr+
SCmTjCCYU1tpXEC1PXd8B8cNfdxLr+BSgPE5sM4+j+4NEuoizDu17hj2PdRp5mK3
Ml4WtQCO59QYYg9dk4KCEkDAh+LULHPKuXcDD2cLnBbDf2FunAllFSM/Tl1/dRiu
maWJhqydYn3o9fToVC2fd563OsvSAUiDsILHR+KG24/eMrrBRItCsvI19l+L42z8
xT8+EnPJBGBqeWXMFu5LUbRxwZNd5Qy8XHo8SuPScgyfIzvgG1uMgOGtW8itNWur
T/28eJnRMFP6+ba+gXnYyC8xaAxKJhNqN2PPpS/eu5lyJzBr8jXf5A==
=YxZX
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]