1 |
On Tue, Feb 10, 2004 at 05:33:03PM +0100, Daniel Heemann wrote: |
2 |
> On Tuesday 10 February 2004 16:46, you wrote: |
3 |
> > If you have access to a shell you can upload any file\application. |
4 |
> > |
5 |
> > http://groups.google.com/groups?q=%22uudecode+executable%22&hl=en&lr=&ie= |
6 |
> >UTF -8&oe=UTF-8&selm=1993Mar7.050518.15646%40freenet.carleton.ca&rnum=1 |
7 |
> |
8 |
> Perhaps another software which should not be installed on the system if not |
9 |
> necessary ;) |
10 |
|
11 |
You can trivially encode it with a perl script on the attacker's side, |
12 |
and "echo -e \147" (or whatever) on the victim's side. Or are you saying |
13 |
echo is also optional software that shouldn't be installed on secure |
14 |
servers? ;-) |
15 |
|
16 |
(BTW, I understand and agree with your point that it's raising the bar |
17 |
for attackers, I just don't think that deserves the title of "more secure".) |
18 |
|
19 |
-- |
20 |
When a true genius appears in the world, you may know him by this sign, that the dunces are all in confederacy against him. - Jonathan Swift |
21 |
|
22 |
-- |
23 |
gentoo-security@g.o mailing list |