Re: MC shell scripts

[miguel () NUCLECU UNAM MX (Miguel de Icaza)]

> I discovered a problem with Midnight Commander's method of decompressing
> archives, which allows execution of hidden commands. Evil file may be
> prepared this way:
>
> $ gzip foo
> $ mv foo.gz "quake2-test-unknown-linux-'\`rm -f *\`'-elf-i386-generic-beta.gz"
>
> Now, this filename, when displayed by user-friendly programs (www or
> ftp browsers, file managers), will be cropped to fit in a window :)
> Under my mc (vidmode 11) it's displayed as:

This problem has been fixed in the recent editions of the GNU Midnight
Commander by Norbert Warmuth.  Recent version of the GNU Midnight
Commander do not have this problem.

To get a recent version of the program, check:

        ftp://ftp.nuclecu.unam.mx/linux/local

For the latest stable release of the program.

Best wishes,
Miguel.