---Reply on mail from Jeff Johnson about x11amp bug >> x11 audio mpeg player (x11amp) version 0.65, when installed setuid root >> (as suggested by the README file), creates playlist files in ~/.x11amp >> while making 'root' the owner of these plaintext files (instead of the >> proper user). unfortunatelly, the program DOES follow symlinks, and >> overwriting for instance /etc/shadow is therefore trivial: >> >> mkdir ~/.x11amp >> ln -s /etc/shadow ~/.x11amp/ekl >> >> now run x11amp, get into the playlist menu, select 'ekl', mark all the >> entries and hit 'delete'. no matter if the prg crashes (it might), >> /etc/shadow is gone, anyway. >>-- End of excerpt from Automatic digest processor > > you can also read files not owned by you, but I have not found a way to display > them yet. But, if another user has a lot of mp3 files, fire up x11amp and > you'll be able to play them. also, start x11amp with a VERY VERY VERY LONG > filename and it seg faults.... buffer overflow? > > -- > trnat_private - [LwZ] - http://www.flinet.com/~trn > I poured Spot remover on my dog. Now he's gone. *sniff* > > ---End reply The symlink bug are fixed! get it at http://www.x11amp.ml.org Crocodile - x11amp staff
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:29 PDT