From 0a2ee578857cef05487967820ffa3545e67a40cc Mon Sep 17 00:00:00 2001
From: aaron <>
Date: Fri, 6 Oct 2000 17:35:30 +0000
Subject: [PATCH] When including the listing of a directory in root's security mail, pass the -q flag to ls(1) so that non-printable characters will appear as '?'. This prevents a malicious user from fooling the administrator into thinking the contents of a file name are actually valid script output (note that you can put newlines in file names); deraadt@ ok
---
 src/etc/security | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/etc/security b/src/etc/security
index 65ca81d5..c02c13f7 100644
--- a/src/etc/security
+++ b/src/etc/security
@@ -1,6 +1,6 @@
 #!/bin/sh -
 #
-# $OpenBSD: security,v 1.38 2000/07/23 19:49:17 rohee Exp $
+# $OpenBSD: security,v 1.39 2000/10/06 17:35:30 aaron Exp $
 # from: @(#)security 8.1 (Berkeley) 6/9/93
 #
@@ -18,7 +18,7 @@ OUTPUT=$DIR/_secure6
 if ! mkdir $DIR ; then
 printf "tmp directory %s already exists, looks like:\n" $DIR
- ls -alF $DIR
+ ls -alqF $DIR
 exit 1
 fi
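Review bot: The `-q` added to `ls -alqF $DIR` in the second hunk is there for a security reason that nothing in the script records, so a later cleanup could drop it without noticing. A comment above that line would keep the intent visible, for example `# -q: print non-printable bytes in names as '?' so a crafted file name cannot forge lines in root's mail`. `$DIR` is also unquoted in both the `printf` and the `ls` call; its assignment is outside the hunk, so this is probably harmless here, but `ls -alqF "$DIR"` costs nothing. Any other place in the script that copies file names into the mail would presumably need the same sanitising; none is visible in this hunk, so that is worth checking against the full file.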