Re: Minor hole in "cxhextris" on certain Linux.

From: Jess Kitchen (jkat_private)
Date: Sat Apr 25 1998 - 11:39:05 PDT

Next message: GvS One: "feature Re: pine/pico vt control characters bug"

Previous message: Michal Zalewski: "pine/pico vt control characters bug [2]"
Maybe in reply to: Chris Evans: "Minor hole in "cxhextris" on certain Linux."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 25 Apr 1998, Chris Evans wrote:

> On my RedHat Linux systems, cxhextris has a binary called "xhextris", and
> it runs under the euid "games".
>
> A bug in this program will allow local users to subvert the user "games",
> perhaps using this to then hide their activities (or cheat in the high
> score table!! :-)

Or perhaps do something useful like replacing /usr/games/fortune therefore
gaining the ability to have other users execute whatever you like upon
login.

> Cheers
> Chris
>

Regards,

---
Jess Kitchen (jkat_private)
    http://www.dac.org

Next message: GvS One: "feature Re: pine/pico vt control characters bug"
Previous message: Michal Zalewski: "pine/pico vt control characters bug [2]"
Maybe in reply to: Chris Evans: "Minor hole in "cxhextris" on certain Linux."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:15 PDT