[81829] in Cypherpunks

home help back first fref pref prev next nref lref last post

Re: Impact of Netscape kernel hole

daemon@ATHENA.MIT.EDU (geeman@best.com)
Sun Jun 15 02:14:46 1997

From: geeman@best.com
Date: Sat, 14 Jun 1997 22:40:53 -0700
To: Adam Shostack <adam@homeport.org>, jya@pipeline.com (John Young)
Cc: cypherpunks@toad.com, tomw@netscape.com
Reply-To: geeman@best.com

At 10:28 AM 6/14/97 -0400, Adam Shostack wrote:
>
>
>| >Tim's post (although refuted by Marc) raises some serious issues since I
>| >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
>
>	Are FAT file lists stored as files?

not exactly.  you cannot just open and read. you must jump hoops; but does
the nscp hole allow execution of arbitrary code?  that would be much worse
....

>
>	On a Unix box, /. refers to the file containing directory
>entries, the list of files in the directory.  If there is an analogous
>file on a dos box, you can explore.  

so, no: not unless you can write your own foreign code and run it on the
victim pc.


(Does the bug work on Unix?  I've
>heard it only works if java or livescript are turned on, so it hasn't
>worried me enough to investigate.)
>
>Adam
>
>
>
>-- 
>"It is seldom that liberty of any kind is lost all at once."
>					               -Hume
>
>
>
>


home help back first fref pref prev next nref lref last post