Re: Bug#33558: [SECURITY] Trivial root exploit with eterm (fwd)

To: Julian Gilbey <jdg@maths.qmw.ac.uk>
Cc: security@debian.org, debian-devel@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Bug#33558: [SECURITY] Trivial root exploit with eterm (fwd)
From: Brian Almeida <bma@debian.org>
Date: Thu, 18 Feb 1999 14:19:06 -0500
Message-id: <[🔎] 19990218141906.A21825@debian.org>
In-reply-to: <m10DUhr-000Im4C@polya>; from Julian Gilbey on Thu, Feb 18, 1999 at 02:45:35PM +0000
References: <m10DUhr-000Im4C@polya>

To hopefully allay any fears, here:

> 	any title command in  .Eterm/themes/Eterm/MAIN will be executed 
> with rootprivileges:
As I've already responded, this is not true.

balmeida@terminus [~]: ls -l /tmp/foo.txt
ls: /tmp/foo.txt: No such file or directory

In the MAIN file:
title `touch /tmp/foo.txt`

After running Eterm:
balmeida@terminus [~]: ls -l /tmp/foo.txt 
-rw-r--r--   1 balmeida balmeida        0 Feb 18 14:17 /tmp/foo.txt

Reply to:

Follow-Ups:
- Re: Bug#33558: [SECURITY] Trivial root exploit with eterm (fwd)
  - From: Brian Almeida <bma@debian.org>

Prev by Date: Re: Modem Commands
Next by Date: Re: How to give users certain privileges?
Previous by thread: Re: Bootable CD?
Next by thread: Re: Bug#33558: [SECURITY] Trivial root exploit with eterm (fwd)
Index(es):
- Date
- Thread