[2986] in bugtraq
Re: vulnerability in vi under AIX 3.2
daemon@ATHENA.MIT.EDU (Bill Pemberton)
Tue Jul 23 17:50:20 1996
Date: Tue, 23 Jul 1996 13:38:07 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Bill Pemberton <wfp5p@tigger.itc.virginia.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <9607230953.ZM25801@asterix.cica.es> from "Marina Buitrago Bravo"
at Jul 23, 1996 09:53:49 AM
>
> Hello all. I have found out that under AIX 3.2 the vi editor interprets
> the file ./.exrc, even if you are root and this file is not owned by you.
> This vulnerability seems rather obvious to me, do you know if a patch
> exists for this?
>
I cannot duplicate this on our AIX 3.2.5 machines -- vi only reads
$HOME/.exrc. Since root's $HOME is /, you've got a bigger problem if folks
can write to the .exrc.....
You can also make sure you run tvi since it will ONLY read /etc/.exrc.
--
Bill Pemberton wfp5p@virginia.edu
ITC/Unix Systems flash@virginia.edu
University of Virginia uunet!virginia!wfp5p
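
A check for the condition discussed in this thread, as an added example that is not part of either post: it reports a .exrc that is a symlink, is owned by a different uid than the invoking user, or is group/world-writable. The function names exrc_untrusted and exrc_scan are hypothetical, and the checks assume a POSIX sh with find(1) and id(1).

```sh
#!/bin/sh
# Added example (not from the thread): report .exrc files that the invoking
# user should not let an editor source.

# exrc_untrusted FILE
# Prints a reason and returns 0 if FILE is untrusted; returns 1 if FILE is
# absent or passes all checks.
exrc_untrusted() {
    f=$1
    [ -e "$f" ] || [ -L "$f" ] || return 1
    # A symlink lets whoever controls the directory choose the target.
    if [ -L "$f" ]; then
        echo "symlink: $f"
        return 0
    fi
    # find(1) performs the ownership and mode tests portably; -prune stops
    # it from descending if FILE is unexpectedly a directory.
    if [ -n "$(find "$f" -prune ! -user "$(id -u)" -print 2>/dev/null)" ]; then
        echo "not owned by uid $(id -u): $f"
        return 0
    fi
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
        echo "group/world-writable: $f"
        return 0
    fi
    return 1
}

# exrc_scan DIR...
# Checks DIR/.exrc for every DIR given; returns 1 if any of them is untrusted.
exrc_scan() {
    rc=0
    for d in "$@"; do
        if exrc_untrusted "$d/.exrc"; then
            rc=1
        fi
    done
    return $rc
}

# Usage, covering the three locations named in the thread:
#   exrc_scan . "$HOME" /etc
```
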