[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

who (fwd)

From: Jan-Philip Velders <jpv jvelders tn tudelft nl>
To: linux-security redhat com
Subject: who (fwd)
Date: Thu, 30 Jul 1998 11:27:58 +0200 (CEST)

Hi *,

fwd from bugtraq 

Greetings,
Jan-Philip Velders
<gvelders jvelders tn tudelft nl>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Nederlandse Linux GebruikersGroep : http://www.nllgg.nl |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

---------- Forwarded message ----------
Date: Tue, 28 Jul 1998 20:27:21 +0200
From: Paul Boehm <paul BOEHM ORG>
To: BUGTRAQ NETSPACE ORG
Subject: who

Hi,
the 'who' program is on some systems in a privileged group
which is allowed to read utmp. On redhat linux 5.1 you can
easily crash who by many different ways (e.g. try who /bin/bash)
on freebsd you can use it to view parts of the content of files that
privileged group may read(try who /privileged/group/file).

this is no big deal with security, but gaining a more privileged group
sometimes may be the key to root compromise.

bye,
    pb

--

[ Paul S. Boehm | paul boehm priv at | http://paul.boehm.org/ | infected irc ]

Money is what gives a programmer his resources. It's an exchange system created
by human beings. It surrounds us. Works for us, binds the economy together.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]