|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Brett Glass (brett_at_lariat.org)
Date: Tue Oct 01 2002 - 18:36:51 CDT
At 05:25 PM 10/1/2002, f.johan.beisser wrote:
>sadly, i have to admit that won't work, not without adding in the leading
>"/". remember that "~" is expanded to "/home/$USER".
I was using the ~ notation as a shorthand. The point is that if you can
get at a user's .forward file, that's sufficient to run code as him/her.
There are lots of other clever ways, too; that's just the first
example that came to mind.
Rather than give someone the opportunity to find a clever exploit, I think
we'd best just close the hole. ;-)
--Brett
To Unsubscribe: send mail to majordomo
FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]