| 1 |
On Tue, Feb 10, 2004 at 05:33:03PM +0100, Daniel Heemann wrote: |
| 2 |
> On Tuesday 10 February 2004 16:46, you wrote: |
| 3 |
> > If you have access to a shell you can upload any file\application. |
| 4 |
> > |
| 5 |
> > http://groups.google.com/groups?q=%22uudecode+executable%22&hl=en&lr=&ie= |
| 6 |
> >UTF -8&oe=UTF-8&selm=1993Mar7.050518.15646%40freenet.carleton.ca&rnum=1 |
| 7 |
> |
| 8 |
> Perhaps another software which should not be installed on the system if not |
| 9 |
> necessary ;) |
| 10 |
|
| 11 |
You can trivially encode it with a perl script on the attacker's side, |
| 12 |
and "echo -e \147" (or whatever) on the victim's side. Or are you saying |
| 13 |
echo is also optional software that shouldn't be installed on secure |
| 14 |
servers? ;-) |
| 15 |
|
| 16 |
(BTW, I understand and agree with your point that it's raising the bar |
| 17 |
for attackers, I just don't think that deserves the title of "more secure".) |
| 18 |
|
| 19 |
-- |
| 20 |
When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift |
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives