Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /etc/utmp

From: mouse () collatz mcrcim mcgill edu (der Mouse)
Date: Tue, 12 Apr 1994 08:10:51 -0400


There is some code in taintperl to make sure that a symlink swap
hasn't taken place beneath the SUID scipt in question.  Grep the
perl sources for "Mail".  Larry has left a little surprise for
would-be hackers. :)


I did grep the perl source - version 4.036 - for Mail, and found only
one hit:

perl-4.036/emacs/tedstuff:Sender: mmdf () uvaarpa Virginia EDU (Uvaarpa Mail System)

You have to grep for "mail", or more precisely, "/bin/mail".  Or, to
perhaps save you the time, it's in perl.c (perl-4.036/perl.c, at least
for this version).

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
Previous By Date Next
Previous By Thread Next

Current thread: