> It's possible to make .plan or .project to be named pipes, which means that
> the act of reading them can cause code to be executed. If finger executes
> suid root, then said code can execute as root. The potential for mischief
> should be obvious.
could you explain this a bit?
from my knowledge trying to read a pipe does not execute any process. if
there is nothing on the other end then there is simply no data available.
and i also cannot imagine, that finger executes the data read from the
.plan and .project files - otherwise anybody could make his files trojan
horses, which attack any user which fingers the evil user.
did i miss something? just curious ...
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
If Windows is the answer, I want the problems back!