msc@qubix.UUCP (Mark Callow) (10/22/84)
This is a warning to anyone who has installed Chuck Von Rospach's (that's Chuqui) program to unpack the usenet maps. It probably applies to any similar program. By submitting a suitable set of shell commands to net.news.maps I can create untold havoc on all your systems. The recent rash of McCartney's and Springsteen's that have appeared on the net, not to mention kremvax, should demonstrate that I could easily disguise the author of the havoc. Even switching to mod.maps.all won't afford much increased security. Moral: Never install programs that fork shells that execute commands posted to a newsgroup. -- From the TARDIS of Mark Callow msc@qubix.UUCP, qubix!msc@decwrl.ARPA ...{decvax,ucbvax}!decwrl!qubix!msc, ...{amd,ihnp4,ittvax}!qubix!msc ".. I have generally found that those who were most ready to pronounce others bores had the most indisputable claims to that title in their own persons." -- Lord Byron
lee@unmvax.UUCP (10/29/84)
> By submitting a suitable set of shell commands to net.news.maps > I can create untold havoc on all your systems. The recent rash > of McCartney's and Springsteen's that have appeared on the net, > not to mention kremvax, should demonstrate that I could easily > disguise the author of the havoc. Even switching to mod.maps.all > won't afford much increased security. I have posted an equivalent program to net.sources that does NOT have this security hole. -- --Lee (Ward) {ucbvax,convex,gatech,pur-ee}!unmvax!lee