Re: Environment variables (SECURITY: too many new packages)

From: Edward John Brocklesby (ejbat_private)
Date: Wed Jul 01 1998 - 08:18:23 PDT

Next message: Casper Dik: "Re: non-exec stacks on solaris."

Previous message: Pavel Kankovsky: "Re: Environment variables (SECURITY: too many new packages)"
Maybe in reply to: Alan Cox: "Environment variables (SECURITY: too many new packages)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

>will I assume be issuing identical updates) might like to take a look
>at how their own OS handles pointing the following at files only root
>can read and running setuid apps. (or setgid usage in some cases such as
>Mutt)

On NetBSD, and perhaps other OS's, the file ~/.termcap is also checked,
so ln -s /etc/master.passwd ~/.termcap could get the root password
(I haven't tested this myself)

        -ejb

Next message: Casper Dik: "Re: non-exec stacks on solaris."
Previous message: Pavel Kankovsky: "Re: Environment variables (SECURITY: too many new packages)"
Maybe in reply to: Alan Cox: "Environment variables (SECURITY: too many new packages)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:01:21 PDT