Date: Fri, 11 Oct 1996 13:17:44 +0400 (MSD) From: "=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=" (Andrey A. Chernov) <ache@nagual.ru> To: joerg_wunsch@uriah.heep.sax.de Cc: sos@freefall.freebsd.org, CVS-committers@freefall.freebsd.org, cvs-all@freefall.freebsd.org, cvs-usrsbin@freefall.freebsd.org Subject: Re: cvs commit: src/usr.sbin/ppp command.c Message-ID: <199610110917.NAA00448@nagual.ru> In-Reply-To: <199610110741.JAA04262@uriah.heep.sax.de> from "J Wunsch" at "Oct 11, 96 09:41:23 am"
next in thread | previous in thread | raw e-mail | index | archive | help
> As Soren Schmidt wrote: > > sos 96/10/10 04:27:38 > > > > Modified: usr.sbin/ppp command.c > > Log: > > Allow shell commands in all modes. > > Do you get a root shell now if you run ``ppp -auto'', connect to port > 3000, and issue a `shell'? I would consider this a very bad move! > Yes, we just make security hole, it should be fixed. telnet localhost ppp passwd xxx shell cat /etc/passwd works and shouldn't. -- Andrey A. Chernov <ache@nagual.ru> http://www.nagual.ru/~ache/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610110917.NAA00448>