[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: finger

> It's possible to make .plan or .project to be named pipes, which means that
> the act of reading them can cause code to be executed.  If finger executes
> suid root, then said code can execute as root.  The potential for mischief
> should be obvious.
could you explain this a bit?
from my knowledge trying to read a pipe does not execute any process. if
there is nothing on the other end then there is simply no data available.
and i also cannot imagine, that finger executes the data read from the
.plan and .project files - otherwise anybody could make his files trojan
horses, which attack any user which fingers the evil user.
did i miss something? just curious ...

Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
If Windows is the answer, I want the problems back!

Reply to: