Bugtraq mailing list archives
Re: Environment variables (SECURITY: too many new packages)
From: ejb () CYBERSPACE ORG (Edward John Brocklesby)
Date: Wed, 1 Jul 1998 11:18:23 -0400
Hi,
will I assume be issuing identical updates) might like to take a look at how their own OS handles pointing the following at files only root can read and running setuid apps. (or setgid usage in some cases such as Mutt)
On NetBSD, and perhaps other OS's, the file ~/.termcap is also checked, so ln -s /etc/master.passwd ~/.termcap could get the root password (I haven't tested this myself) -ejb
Current thread:
- Re: Environment variables (SECURITY: too many new packages) Pavel Kankovsky (Jul 01)
- <Possible follow-ups>
- Re: Environment variables (SECURITY: too many new packages) Edward John Brocklesby (Jul 01)