msc@qubix.UUCP (Mark Callow) (10/22/84)
This is a warning to anyone who has installed Chuck Von Rospach's
(that's Chuqui) program to unpack the usenet maps. It probably
applies to any similar program.
By submitting a suitable set of shell commands to net.news.maps
I can create untold havoc on all your systems. The recent rash
of McCartney's and Springsteen's that have appeared on the net,
not to mention kremvax, should demonstrate that I could easily
disguise the author of the havoc. Even switching to mod.maps.all
won't afford much increased security.
Moral: Never install programs that fork shells that execute commands
posted to a newsgroup.
--
From the TARDIS of Mark Callow
msc@qubix.UUCP, qubix!msc@decwrl.ARPA
...{decvax,ucbvax}!decwrl!qubix!msc, ...{amd,ihnp4,ittvax}!qubix!msc
".. I have generally found that those who were most ready to pronounce
others bores had the most indisputable claims to that title in their
own persons." -- Lord Byronlee@unmvax.UUCP (10/29/84)
> By submitting a suitable set of shell commands to net.news.maps > I can create untold havoc on all your systems. The recent rash > of McCartney's and Springsteen's that have appeared on the net, > not to mention kremvax, should demonstrate that I could easily > disguise the author of the havoc. Even switching to mod.maps.all > won't afford much increased security. I have posted an equivalent program to net.sources that does NOT have this security hole. -- --Lee (Ward) {ucbvax,convex,gatech,pur-ee}!unmvax!lee