Bugtraq mailing list archives
runpipe v1.2 with security hole fix
From: aleph1 () DFW NET (Aleph One)
Date: Tue, 11 Mar 1997 09:24:15 -0600
-----BEGIN PGP SIGNED MESSAGE----- The latest version of runpipe is available now from sunsite or my FTP site. Runpipe is a daemon/client pair which watches a set of named pipes for a read or write action on a pipe, and then executes a program on the other end of the pipe. It is most commonly used to run a program on the other end of the .plan pipe, so that when a person fingers the account, the .plan "file" appears to contain the output of the program. This can be used to make plan files which change whenever they're read, or which deliver different messages depending on other information such as time of day or whether or not the user is logged on. This release fixes a potentially serious security bug in the daemon when run in system mode, and a potentially annoying behaviour when run in paranoid mode. I strongly recommend that nobody who runs the daemon in system mode run it with a version prior to 1.2. Here is the .lsm: Begin3 Title: Runpipe daemon and client Version: 1.2 Entered-date: March 10, 1997 Description: A package which monitors named pipes and runs a process on the other end of the pipe when a read or write access is made to the pipe. Keywords: FIFO pipe plan Author: neufeld () physics utoronto ca (Christopher Neufeld) Maintained-by: neufeld () physics utoronto ca (Christopher Neufeld) Primary-site: caliban.physics.utoronto.ca /pub/linux 17 kB runpipe-1.2.tar.gz Alternate-site: sunsite.unc.edu /pub/Linux/system/daemons Original-site: Platform: Copying-policy: GPL End - -- Christopher Neufeld neufeld () physics utoronto ca Home page: http://caliban.physics.utoronto.ca/neufeld/Intro.html "Don't edit reality for the sake of simplicity" - -- This article has been digitally signed by the moderator, using PGP. http://www.iki.fi/liw/lars-public-key.asc has PGP key for validating signature. Send submissions for comp.os.linux.announce to: linux-announce () news ornl gov PLEASE remember a short description of the software and the LOCATION. This group is archived at http://www.iki.fi/liw/linux/cola.html -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBMyUje4QRll5MupLRAQFASwP+M+6F2gqdj+919o6LdEf/plACjfcfOxbJ kRcWpRFE9UaQcWdhiPzE73nEDL/XV4RijANgBFyMEOYAYK7MyrdSpEZU+pE9uO/C f+rlHUiSdjwUUaGJyqGMeWqXvzgkHEw2VcbxWbsv//PlZk3NypPHivcft7GAgIMq tMQ9ShDocoE= =JDFv -----END PGP SIGNATURE-----
Current thread:
- Re: Bug in connect() ? Frank Hofmann (Mar 07)
- Re: Bug in connect() ? Frank Hofmann (Mar 10)
- Lynx/MSIE denial-of-service Doctor Who (Mar 10)
- Re: Lynx/MSIE denial-of-service Christopher Blizzard (Mar 10)
- SGI Security Advisory 19970301-01-P - IRIX 5.x and 6.x fsdump Aleph One (Mar 10)
- xterm segfaults from environment variables - too obvious David Luyer (Mar 10)
- Secuirty Hole In Older Perl Installs... Ken Robson (Mar 11)
- Re: xterm segfaults from environment variables - too obvious Alex Belits (Mar 11)
- Division of Privilege (DoP) - Potential Security Vulnerability Aleph One (Mar 11)
- runpipe v1.2 with security hole fix Aleph One (Mar 11)