BUGTRAQ alert - [SECURITY] [DSA-001-1] ed symlink attack

Seth W. Klein sklein at mint.net
Sat Dec 2 08:12:10 PST 2000


Jesse Tie Ten Quee wrote:
> 
> Yo,
> 
> On Wed, Nov 29, 2000 at 10:11:39PM -0500, Seth W. Klein wrote:
> > So why is ed in the book? Because if everything is broken, it still
> > works. It doesn't need advanced terminal features or libraries such
> > as ncurses. It's like the -b init flag. Few know it's there or how to
> > use it, but if the worst happens, you'll need it. So true sys admins
> > know it's there and how to use it, and true unix (like) systems
> > have it.
> 
> Uhh...no
> 
> Ed is not in the book because of that reason,

I realize my wording wasn't foolproof, but you're quoting me out of
context. The context is:

> > Again, this is my view.

....not Gerard's which prompted him to include ed in the book.

> <snip rehash of Gerard's post>
>
> If i can't run my standard editor, ed is not going to help and i have
> wayyyy bigger problems.

If your editor doesn't use ncurses or anything else and is in /bin,
that's true.

> I'm going to kill myself for saying this but here goes... GNU/Linux _is
> not_ UNIX, don't expect the same things to be installed.

I think using a standard other than unix is reasonable. Ignoring
standards is, well... web browser, anyone?

> And please... you don't need to know how to use ed to be a
> 'true sys admin'

OK, OK, i insulted way too many of the people here. I'm sorry :) But
i was once in this situation:

There were two editors installed on my Linux system: vim and ed. I
decided to reinstall X and began by deleting it. Bye-bye vim. Yes,
vim links X libraries when possible.

So i agree with unix tradition that every system needs an emergency
editor for the same reason they have sln. (Ever used that?) And i
don't think vim is that editor. (No, i did not just say vim shouldn't
be in the book.) So what is that editor? Unix and posix (and perhaps
GNU?) say ed. Does anyone have another standard? Does anyone wish to
start one? If neither, well... web browser, anyone? :)

On further thought, there's perhaps a reason (not tradition) why
*nix uses ed: it's highly terminal independent. Even today, i can
see doing rescue work from
+ LINUX (console)
+ XTERM, etc. (console on serial line to workstation running X, or
	maybe telnet login from same.)
+ VT100 (screen(1) session on any of the above)
I doubt ed knows or cares. Are there full screen editors that do as
"well"?

cheers,
sklein
-- 
sklein at mint.net                          http://members.mint.net/sklein/
