security hole in uuq -d
kai at uicsrd.csrd.uiuc.edu
kai at uicsrd.csrd.uiuc.edu
Thu Dec 15 06:54:00 AEST 1988
There is a serious security hole in the 4.3 bsd /usr/bin/uuq program that
allows everyone to delete anyone's UUCP jobs. The manpage says that only the
UUCP administrator is permitted to delete UUCP jobs, but experiments have
proven the documentation is incorrect.
It would be preferable if any user were allowed to delete their own UUCP
jobs, but not one belonging to any other user. Root and UUCP should be
able to delete any UUCP job.
Thanks
Patrick Wolfe (pat at kai.com, kailand!pat, kai at uicsrd.csrd.uiuc.edu)
System Manager, Kuck and Associates, Inc.
More information about the Comp.bugs.4bsd.ucb-fixes
mailing list