special files as .plans?

David Heath dave at boingo.med.jhu.edu
Sat Aug 25 08:47:27 AEST 1990


Recently, I wrote a program that creates a named pipe $HOME/.plan
and writes various plans to it when I am fingered. This program was
written under Ultrix. My sysadm asked me about it (and how to use
named pipes in general) a couple of weeks later, so I sent him the 
source and explained how it worked. The next day, I got a message that
said, in part, "As I'm sure you have surmised, you have discovered a MAJOR
security hole."

After talking with him about it, I realized that he did not understand
how the program worked. I tried again to explain it, and told him I
was convinced that it was not a security hole. Nevertheless, he modified
the finger program to ignore .plan and .project when they were special
files.

I would be tempted to dismiss his attitude as paranoia, but he pointed
out that in Ultrix 4.0, the supplied finger has the same behavior (i.e.,
ignores special files). So, what I'm wondering is: 
"Is this really a security hole?"


Thanks,
--
dave heath                                     heath at crabcake.cs.jhu.edu
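
Added example (not part of the original post, and not the Ultrix finger source or the poster's program): one way a finger-like reader could ignore .plan when it is a special file, which is the behavior the post describes. The function name open_plan_if_regular and the sample files are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: return a read-only fd for `path` only if it is a
 * regular file; return -1 for FIFOs, devices, sockets, symlinks, errors. */
int open_plan_if_regular(const char *path)
{
    struct stat st;
    /* O_NONBLOCK: opening a FIFO for reading returns at once instead of
     * waiting for a writer. O_NOFOLLOW: refuse a symlink as the final
     * path component. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* fstat the descriptor we hold, not the path, so the file cannot be
     * swapped between the type check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: one regular .plan and one FIFO .plan in a temp dir.
 * Returns 0 if the regular file was accepted and the FIFO was ignored. */
int demo(void)
{
    char dir[] = "/tmp/planXXXXXX", reg[64], fifo[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(reg, sizeof reg, "%s/regular.plan", dir);
    snprintf(fifo, sizeof fifo, "%s/fifo.plan", dir);
    FILE *f = fopen(reg, "w");
    if (!f) return -1;
    fputs("Gone fishing.\n", f);
    fclose(f);
    if (mkfifo(fifo, 0600) != 0) return -1;
    int a = open_plan_if_regular(reg), b = open_plan_if_regular(fifo);
    if (a >= 0) close(a);
    unlink(reg); unlink(fifo); rmdir(dir);
    return (a >= 0 && b == -1) ? 0 : 1;
}

int main(void) { return demo(); }
```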


