[2996] in bugtraq
Re: vulnerability in vi under AIX 3.2
daemon@ATHENA.MIT.EDU (Bill Pemberton)
Wed Jul 24 18:18:22 1996
Date: Wed, 24 Jul 1996 14:54:42 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Bill Pemberton <wfp5p@tigger.itc.virginia.edu>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199607241022.DAA21819@liquefy.ugcs.caltech.edu> from "Max
Bloomfield" at Jul 24, 1996 03:22:38 AM
Max Bloomfield writes:
>
> In mlist.bugtraq you write:
>
> >I can not duplicate this on our AIX 3.2.5 machines -- vi only reads
> >$HOME/.exrc . Since root's $HOME is /, you've got a bigger problem if folks
> >can write to the .exrc.....
>
> If within $HOME/.exrc "set exrc" appears, then ./.exrc will be sourced upon
> startup of vi, in AIX 3.2.4. I don't know about 3.2.5, but I suspect that
> it is the same.
>
Again, I can't duplicate this on any of our AIX 3.2.5 (or 4.X) machines. It
DOES work as you say on our 1 machine that runs AIX 3.2.4.
There are several APARs that deal with this for 3.2.5, it appears that they
all made into my copy of 3.2.5. There was a bulletin from IBM in September
of 1994 that covered the problems with vi, so IBM fixed it a long time ago...
--
Bill Pemberton wfp5p@virginia.edu
ITC/Unix Systems flash@virginia.edu
University of Virginia uunet!virginia!wfp5p
