[8159] in bugtraq
Re: Possible DoS in rsh
daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Fri Oct 9 15:45:29 1998
Date: Fri, 9 Oct 1998 08:14:55 +0200
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
X-To: nick@ZETA.ORG.AU
To: BUGTRAQ@NETSPACE.ORG
Nick Andrew wrote:
> Programs (esp. daemons) which run as root should refuse to read
> control files which are symlinks (and home directories should not
> be on the same partition as /dev!).
Should this be worded: Any service daemons should refuse to read
files which are not files (symlinks, device files, pipes and other
non-disk-file types) or not owned by the right user with proper
permissions.
---
Henrik Nordström
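
The check proposed in this message, sketched in C as an added example; it is not part of the original post and is not code from rsh or rshd. The helper name `open_control_file` and its error codes are assumptions made for illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for O_NOFOLLOW on older C libraries */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from rsh/rshd): open a per-user control file only
 * if it is a regular file, owned by `owner`, and not writable by group or
 * others. Returns a read-only descriptor, or -1 with errno set. */
int open_control_file(const char *path, uid_t owner)
{
    struct stat st;
    int reason = 0;
    /* O_NOFOLLOW refuses a symlink as the final path component; O_NONBLOCK
     * keeps open() from hanging on a FIFO or device before it is checked. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor rather than stat() the path, so the object
     * that is checked is the object that is later read. */
    if (fstat(fd, &st) < 0)
        reason = errno;
    else if (!S_ISREG(st.st_mode))
        reason = EINVAL;              /* device, FIFO, socket, directory */
    else if (st.st_uid != owner)
        reason = EPERM;               /* not owned by the right user */
    else if (st.st_mode & (S_IWGRP | S_IWOTH))
        reason = EPERM;               /* someone else could have edited it */
    if (reason) {
        close(fd);
        errno = reason;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2)
        return EXIT_FAILURE;
    int fd = open_control_file(argv[1], getuid());
    if (fd < 0) { perror(argv[1]); return EXIT_FAILURE; }
    puts("accepted");
    close(fd);
    return EXIT_SUCCESS;
}
```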