[4154] in bugtraq
runpipe v1.2 with security hole fix
daemon@ATHENA.MIT.EDU (Aleph One)
Tue Mar 11 11:15:28 1997
Followup-To: comp.os.linux.misc
Apparently-To: <bugtraq@NETSPACE.ORG>
Date: Tue, 11 Mar 1997 09:24:15 -0600
Reply-To: Aleph One <aleph1@DFW.NET>
From: Aleph One <aleph1@DFW.NET>
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
The latest version of runpipe is available now from sunsite or my FTP
site.
Runpipe is a daemon/client pair which watches a set of named pipes for
a read or write action on a pipe, and then executes a program on the
other end of the pipe. It is most commonly used to run a program on the
other end of the .plan pipe, so that when a person fingers the account,
the .plan "file" appears to contain the output of the program. This can
be used to make plan files which change whenever they're read, or which
deliver different messages depending on other information such as time of
day or whether or not the user is logged on.
This release fixes a potentially serious security bug in the daemon
when run in system mode, and a potentially annoying behaviour when run in
paranoid mode. I strongly recommend that nobody who runs the daemon in
system mode run it with a version prior to 1.2.
Here is the .lsm:
Begin3
Title: Runpipe daemon and client
Version: 1.2
Entered-date: March 10, 1997
Description: A package which monitors named pipes and runs a process on
the other end of the pipe when a read or write access is
made to the pipe.
Keywords: FIFO pipe plan
Author: neufeld@physics.utoronto.ca (Christopher Neufeld)
Maintained-by: neufeld@physics.utoronto.ca (Christopher Neufeld)
Primary-site: caliban.physics.utoronto.ca /pub/linux
17 kB runpipe-1.2.tar.gz
Alternate-site: sunsite.unc.edu /pub/Linux/system/daemons
Original-site:
Platform:
Copying-policy: GPL
End
- --
Christopher Neufeld neufeld@physics.utoronto.ca
Home page: http://caliban.physics.utoronto.ca/neufeld/Intro.html
"Don't edit reality for the sake of simplicity"
- --
This article has been digitally signed by the moderator, using PGP.
http://www.iki.fi/liw/lars-public-key.asc has PGP key for validating signature.
Send submissions for comp.os.linux.announce to: linux-announce@news.ornl.gov
PLEASE remember a short description of the software and the LOCATION.
This group is archived at http://www.iki.fi/liw/linux/cola.html
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBMyUje4QRll5MupLRAQFASwP+M+6F2gqdj+919o6LdEf/plACjfcfOxbJ
kRcWpRFE9UaQcWdhiPzE73nEDL/XV4RijANgBFyMEOYAYK7MyrdSpEZU+pE9uO/C
f+rlHUiSdjwUUaGJyqGMeWqXvzgkHEw2VcbxWbsv//PlZk3NypPHivcft7GAgIMq
tMQ9ShDocoE=
=JDFv
-----END PGP SIGNATURE-----
