[10777] in bugtraq
Re: Windows NT 4.0, 95, 98 (?) networked PRN flaw
daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)
Thu Jun 10 13:54:47 1999
Mime-Version: 1.0
Content-Type: TEXT/plain; CHARSET=US-ASCII
Message-Id: <199906091847.OAA30283@netspace.org>
Date: Wed, 9 Jun 1999 12:47:10 -0600
Reply-To: Lyndon.Nerenberg@MESSAGINGDIRECT.COM
From: Lyndon Nerenberg <Lyndon.Nerenberg@MESSAGINGDIRECT.COM>
X-To: jogata@NODC.NOAA.GOV
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <375D5D50.538F22CB@nodc.noaa.gov>
> I wonder what would happen if I created a file called "/etc/passwd" in
> the current directory... probably nothing. But who knows?
If you created it in, say, /var/tmp, and the system had a root-run cron
job that did 'cd /var/tmp; find . -mtime +7 -print | xargs rm -f',
things would get interesting.
A quick scan through ufs_readdir() (in FreeBSD-current) indicates it
will return the file name, slashes and all. Thus, anything calling
unlink() inside of a readdir() loop would be in for one hell of a
surprise.
--
The two most common elements in the universe are Hydrogen and stupidity.
-- Harlan Ellison
