janssen@parc.xerox.com (Bill Janssen) (02/28/90)
It is possible to embed a tm object in a message, with an attached command. When the message is read, the command will be executed. Luckily, it often seems to core-dump. Bill
nsb@thumper.bellcore.com (Nathaniel Borenstein) (03/01/90)
Excerpts from internet.info-andrew: 27-Feb-90 letter-bomb with tm! Bill Janssen@parc.xerox. (179) > It is possible to embed a tm object in a message, with an attached > command. When the message is read, the command will be executed. > Luckily, it often seems to core-dump. If this is true -- and I'm not sure how to reproduce it -- it is sufficiently serious that I think it should be patched, even if tm isn't a supported program. This is aTrojan horse you could drive a truck through! But how can you attach a command to a tm?
janssen@parc.xerox.com (Bill Janssen) (03/01/90)
tm saves the command it runs in its sub-process. When you tm_Write, it saves the command in the file. When you tm_Read, it reads the command and calls StartProcess with it. Fun, eh? Bill
nsb@THUMPER.BELLCORE.COM (Nathaniel Borenstein) (03/01/90)
Well, that's sort of why I asked the question. What you described seems to be the *intended* behavior, but I couldn't get it to happen -- tm's Write method seems to be broken, and just writes out csh -c -f instead of what it is supposed to write out. The only way I could find of reproducing the tm bug was to put together a data stream by hand. Granted that this is still a horrible bug that has to be taken care of immediately, I was intensely curious as to how you discovered it. Still am, for that matter, since I haven't found any way to make the bug happen without putting together the data stream by hand. If you're going to give a detailed answer, however, it is probably best not to post it to the net.... -- Nathaniel