[7132] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Environment variables (SECURITY: too many new packages)

daemon@ATHENA.MIT.EDU (Edward John Brocklesby)
Wed Jul 1 13:17:16 1998

Date: 	Wed, 1 Jul 1998 11:18:23 -0400
Reply-To: Edward John Brocklesby <ejb@CYBERSPACE.ORG>
From: Edward John Brocklesby <ejb@CYBERSPACE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  Your message of "Wed, 01 Jul 1998 00:42:10." 
              <m0yrA2N-000aOnC@the-village.bc.nu>

Hi,

>will I assume be issuing identical updates) might like to take a look
>at how their own OS handles pointing the following at files only root
>can read and running setuid apps. (or setgid usage in some cases such as
>Mutt)

On NetBSD, and perhaps other OS's, the file ~/.termcap is also checked,
so ln -s /etc/master.passwd ~/.termcap could get the root password
(I haven't tested this myself)

        -ejb


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[7132] in bugtraq

Re: Environment variables (SECURITY: too many new packages)

daemon@ATHENA.MIT.EDU (Edward John Brocklesby)Wed Jul 1 13:17:16 1998

daemon@ATHENA.MIT.EDU (Edward John Brocklesby)
Wed Jul 1 13:17:16 1998