[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Pinky command

From: Erik Auerswald
Subject: Re: Pinky command
Date: Thu, 12 Nov 2009 08:27:31 +0100
User-agent: Mutt/1.5.13 (2006-08-11)


On Wed, Nov 11, 2009 at 06:15:32PM -0700, Bob Proulx wrote:
> address@hidden wrote:
> > In old days, attackers used to create .project symbolic to passwd
> > and group files to get the List of login ids and group via
> > fingerd.
> The list of uids are already public in the /etc/passwd file.  That file
> is already world readable.  Therefore it isn't clear to me how using
> another command makes this a vulnerability.

Using fingerd, this could disclose login names to remote attackers.
This, of course, does not apply to local invokation of some tool that
uses normal user privileges.

A: Because it messes up the order in which people normally read text.
Q: Why is it such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]