On Sat, 25 Apr 1998, Chris Evans wrote: > On my RedHat Linux systems, cxhextris has a binary called "xhextris", and > it runs under the euid "games". > > A bug in this program will allow local users to subvert the user "games", > perhaps using this to then hide their activities (or cheat in the high > score table!! :-) Or perhaps do something useful like replacing /usr/games/fortune therefore gaining the ability to have other users execute whatever you like upon login. > Cheers > Chris > Regards, --- Jess Kitchen (jkat_private) http://www.dac.org
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:15 PDT