[20759] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: in.fingerd follows sym-links on Solaris 8

daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)
Thu May 24 16:04:17 2001

Message-Id: <200105241723.f4OHNat00253@orthanc.ab.ca>
From: Lyndon Nerenberg <lyndon@orthanc.ab.ca>
To: Lukasz Luzar <lluzar@developers.of.pl>
Cc: bugtraq@securityfocus.com
In-reply-to: Your message of "Thu, 24 May 2001 18:14:59 +0200."
             <Pine.LNX.4.33.0105241753470.11377-100000@unix.developers.of.pl> 
Date: Thu, 24 May 2001 11:23:36 -0600

>>>>> "Lukasz" == Lukasz Luzar <lluzar@developers.of.pl> writes:

    Lukasz>  What do you think ?

I think that 'cp /etc/passwd ~/.plan' gives the same effect.

Now if following the symlink gave you access to the shadow password
file, *that* would be a bug.

--lyndon


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[20759] in bugtraq

Re: in.fingerd follows sym-links on Solaris 8

daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)Thu May 24 16:04:17 2001

daemon@ATHENA.MIT.EDU (Lyndon Nerenberg)
Thu May 24 16:04:17 2001