Re: finger

To: Lindsay Haisley <fmouse@fmp.com>
Cc: Rostislav Vorobyev <rost@tiger.net2-ff.dsu.dp.ua>, debian-user@lists.debian.org, debian-isp@lists.debian.org
Subject: Re: finger
From: Oswald Buddenhagen <ob6@inf.tu-dresden.de>
Date: Mon, 22 May 2000 14:17:55 +0200 (CEST)
Message-id: <[🔎] Pine.LNX.4.21.0005221411430.659-100000@ugly.wh8.tu-dresden.de>
In-reply-to: <[🔎] 20000522022545.I15341@donjon.fmp.com>

> It's possible to make .plan or .project to be named pipes, which means that
> the act of reading them can cause code to be executed.  If finger executes
> suid root, then said code can execute as root.  The potential for mischief
> should be obvious.
> 
could you explain this a bit?
from my knowledge trying to read a pipe does not execute any process. if
there is nothing on the other end then there is simply no data available.
and i also cannot imagine, that finger executes the data read from the
.plan and .project files - otherwise anybody could make his files trojan
horses, which attack any user which fingers the evil user.
did i miss something? just curious ...

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
If Windows is the answer, I want the problems back!

Reply to:

Follow-Ups:
- Re: finger
  - From: Lindsay Haisley <fmouse@fmp.com>

References:
- Re: finger
  - From: Lindsay Haisley <fmouse@fmp.com>

Prev by Date: Re: Debian and the Linuxtag 2000
Next by Date: Re: Please help - network incredibly slow...
Previous by thread: Re: finger
Next by thread: Re: finger
Index(es):
- Date
- Thread