Subject: Re: utf-8 and userland
To: None <tech-userlevel@NetBSD.org>
From: James K. Lowden <firstname.lastname@example.org>
Date: 03/17/2004 22:56:50
On Tue, 16 Mar 2004, Alan Barrett <email@example.com> wrote:
> I think you are missing the definition of an "answerback" message in
> this context.
I was. Thanks for the lesson. :-)
> Some terminals allow a
> specially formatted message from the host to *change* the answerback
Is it reasonable to disable this feature in the xterm we ship with NetBSD
> > At any rate, the problem isn't limited to ls(1) in any way.
> True, but root is much more likely to run ls(1) in a random directory
> than to do anything else that exposes this vulnerability.
"More likely", sure. But find(1) seems pretty likely, too, just to name
one. Also, grep/head/tail (invoked with wildcards), "rm -i", diff, and
tar. More/less display the filename when '=' is pressed. Is that safe?
I'm no expert, and I agree ls(1) is popular, but I don't see that its use
predominates in such a way that justifies any special status or handling.