Subject: Re: bin/4489: /usr/games/fish allows setuid games binaries to be created by unprivileged user
To: Jon Ribbens <jon@oaktree.co.uk>
From: Curt Sampson <cjs@portal.ca>
List: tech-security
Date: 11/18/1997 16:25:50

On Tue, 18 Nov 1997, Jon Ribbens wrote:

> Mike Long <mikel@shore.net> wrote:
> > >This isn't just an esoteric problem. I wonder how many people have
> > >'fortune' in their /etc/profile? Wouldn't take you long to get a root shell.
> > 
> > This is a bit of a red herring; fortune(6) isn't controlled by dm.
> 
> Oh, um, you're right. I was sure I'd checked that ;-) :(.

Huh? It doesn't matter if fortune is controlled by dm or not; you
can still use another program controlled by dm (fish, say) to become
games, and then replace the fortune executable with a trojan.

cjs

Curt Sampson    cjs@portal.ca	   Info at http://www.portal.ca/
Internet Portal Services, Inc.	   Through infinite myst, software reverberates
Vancouver, BC  (604) 257-9400	   In code possess'd of invisible folly.
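
Added example, not part of the original message: a POSIX shell audit for the exposure discussed in this thread, listing files that a given account (for instance games) could replace and that a login profile names. The function names and their arguments are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original thread). ACCT and GRP are the
# account and group an attacker is assumed to have obtained, e.g. "games".

# Print files and directories under DIR... that ACCT/GRP could modify:
# owned by ACCT (an owner can always chmod), group-writable by GRP,
# or world-writable. A listed directory means its entries can be
# unlinked and recreated (the sticky bit is not considered).
replaceable_by() {
    acct=$1 grp=$2
    shift 2
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" \( -type f -o -type d \) \
            \( -user "$acct" -o \( -group "$grp" -perm -020 \) -o -perm -002 \) \
            -print
    done
}

# Print replaceable regular files whose name appears as a word in PROFILE,
# i.e. commands that a login shell reading PROFILE would run.
# Example: profile_exposure games games /etc/profile /usr/games
profile_exposure() {
    a=$1 g=$2 profile=$3
    shift 3
    replaceable_by "$a" "$g" "$@" | while IFS= read -r p; do
        if [ -d "$p" ]; then
            # Writable directory: every direct entry is a candidate.
            for e in "$p"/*; do printf '%s\n' "$e"; done
        else
            printf '%s\n' "$p"
        fi
    done | sort -u | while IFS= read -r f; do
        [ -f "$f" ] || continue
        if grep -qFw -- "$(basename "$f")" "$profile"; then
            printf '%s\n' "$f"
        fi
    done
}
```

An empty result for the games account and the directories on root's PATH means the replacement step described above has nothing to act on.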