At 10:28 AM 6/14/97 -0400, Adam Shostack wrote:
| >Tim's post (although refuted by Marc) raises some serious issues since I | >suspect that Joe Public has his secret key sitting in c:\pgp\secring.pgp
Are FAT file lists stored as files?
not exactly. you cannot just open and read. you must jump hoops; but does the nscp hole allow execution of arbitrary code? that would be much worse ....
On a Unix box, /. refers to the file containing directory entries, the list of files in the directory. If there is an analogous file on a dos box, you can explore.
so, no: not unless you can write your own foreign code and run it on the victim pc. (Does the bug work on Unix? I've
heard it only works if java or livescript are turned on, so it hasn't worried me enough to investigate.)
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume