[184] in Zephyr_Comments
Re: big security hole in zephyr, esp. xsetroot
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Fri Mar 24 17:18:13 1989
Date: Fri, 24 Mar 89 17:17:17 EST
From: Theodore Ts'o <tytso@ATHENA.MIT.EDU>
To: "Robert S. French" <rfrench@ATHENA.MIT.EDU>
Cc: jh@ATHENA.MIT.EDU, watch@ATHENA.MIT.EDU, zephyr-comments@ATHENA.MIT.EDU,
In-Reply-To: Robert S. French's message of Fri, 24 Mar 89 15:10:18 EST,
Reply-To: tytso@ATHENA.MIT.EDU
Date: Fri, 24 Mar 89 15:10:18 EST
From: "Robert S. French" <rfrench@ATHENA.MIT.EDU>
Sender: rfrench@ATHENA.MIT.EDU
Just for the record, this is _not_ a bug in Zephyr. The XSETROOT
stuff is _not_ included in the default zephyr.desc. This should be a
very good example of why it is a _bad_ idea to include random exec's
in your zephyr.desc file...
However, there should be a good way to pipe a message into a random
program, with out having to resort to exec echo "$message"....
- Ted
