Bugtraq: Re: Environment variables (SECURITY: too many new packages)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Environment variables (SECURITY: too many new packages)

From: ejb () CYBERSPACE ORG (Edward John Brocklesby)
Date: Wed, 1 Jul 1998 11:18:23 -0400

Hi,

will I assume be issuing identical updates) might like to take a look
at how their own OS handles pointing the following at files only root
can read and running setuid apps. (or setgid usage in some cases such as
Mutt)


On NetBSD, and perhaps other OS's, the file ~/.termcap is also checked,
so ln -s /etc/master.passwd ~/.termcap could get the root password
(I haven't tested this myself)

        -ejb

By Date By Thread

Current thread:

Re: Environment variables (SECURITY: too many new packages) Pavel Kankovsky (Jul 01)
- <Possible follow-ups>
- Re: Environment variables (SECURITY: too many new packages) Edward John Brocklesby (Jul 01)