Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
----- Original Message -----
From: Andres Salomon <dilinger@mp3revolution.net>
To: Kevin <cog@iwz.com>
Cc: <debian-security@lists.debian.org>
Sent: Monday, January 08, 2001 9:37 PM
Subject: Re: 'export RESOLV_HOST_CONF= any file you want' local
vulnerability
> try it w/ traceroute. lotsa fun, and it works
> on mandrake, too.
>
> things like this make me glad i don't have to deal w/ untrusted
> customers that have shell access...
Well, there are plenty of webhosters outside, who grant cgi-bin (perl) or
php access. Executing as the webserveruser should be no different to real
shell-users.
but i could not verify this problem with fping on debian potato..
cya
Bjoern
Reply to: