Date:      Thu, 05 Oct 2000 22:21:14 +0100
From:      Brian Somers <brian@Awfulhak.org>
To:        Kris Kennaway <kris@citusc.usc.edu>
Cc:        Brian Somers <brian@Awfulhak.org>, Ruslan Ermilov <ru@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, brian@Awfulhak.org
Subject:   Re: cvs commit: src/usr.bin/finger finger.c 
Message-ID:  <200010052121.e95LLEn36406@hak.lan.Awfulhak.org>
In-Reply-To: Message from Kris Kennaway <kris@citusc.usc.edu>  of "Thu, 05 Oct 2000 13:58:33 PDT." <20001005135833.A87853@citusc17.usc.edu> 

> On Thu, Oct 05, 2000 at 06:15:31PM +0100, Brian Somers wrote:
> > > ru          2000/10/05 08:56:13 PDT
> > > 
> > >   Modified files:
> > >     usr.bin/finger       finger.c 
> > >   Log:
> > >   Do not allow `finger -m /somefile' as well.
> > >   
> > >   Revision  Changes    Path
> > >   1.21      +4 -4      src/usr.bin/finger/finger.c
> > 
> > Errum, thanks.  Can you mfc too ?
> 
> You know, perhaps after two security holes we should just
> back this darn thing out until someone can review it?

finger -m isn't runnable via fingerd.  This error gives local users 
read access to user ``nobody''s files.

If you've got no confidence in the code, I won't get in your way if 
you want to back it out.

> Kris

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                    <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



