Finger applet?

Rich Felker dalias at aerifal.cx
Mon May 1 01:14:18 UTC 2006


On Sun, Apr 30, 2006 at 04:30:17PM +0200, walter harms wrote:
> of course this does not work (my kmem is also 600).
> the point is that you can play games with .plan and .project
> that were used to confuse unsuspecting users.
> computers are much safer now but I do not see a need for finger.

People who don't need finger won't use it, but there's no harm in
having it. There is nothing insecure about the "games" you can play
with .plan and .project and symlinks. The exact same can be done with
a web server. These semantics are correct; if you see them as a
security problem then you either need to rethink your file permissions
or rethink whether you really want to have users on your system at
all...

Hint: for people who think ln -s /etc/passwd ~/.plan (or ln -s
/etc/passwd ~/public_html/foo.txt) is a vuln, you should consider
that cp /etc/passwd ~/.plan gives the exact same results as long as
the user runs it sufficiently often.

Rich
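
Added example, not part of the original message and not busybox code: a sketch of the file-permission point above, for a finger-style reader that might run with more privilege than the user whose .plan it serves. The helper names `read_plan` and `plan_demo` and the scratch files are hypothetical and constructed here; the "other"-readable test on the opened file is an assumed approximation that ignores directory permissions and ACLs.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not busybox code): copy up to cap-1 bytes of the
 * .plan at `path` into out. Returns the byte count, or -1 if refused. */
ssize_t read_plan(const char *path, char *out, size_t cap)
{
    struct stat st;
    ssize_t n;
    /* Symlinks are followed on purpose; O_NONBLOCK avoids blocking on a FIFO. */
    int fd = cap ? open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY) : -1;

    if (fd < 0)
        return -1;
    /* fstat() the open descriptor so the check and the read see the same
     * file; serve only regular files that "other" may read anyway. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || !(st.st_mode & S_IROTH))
        n = -1;
    else if ((n = read(fd, out, cap - 1)) >= 0)
        out[n] = '\0';
    close(fd);
    return n;
}

/* Constructed scenario: a scratch home whose .plan is a symlink to a file
 * with the given mode. Returns read_plan()'s result, -2 on setup failure. */
ssize_t plan_demo(mode_t mode)
{
    char home[] = "/tmp/plandemoXXXXXX", target[64], plan[64], buf[64];
    ssize_t n = -2;
    int fd;

    if (!mkdtemp(home))
        return -2;
    snprintf(target, sizeof target, "%s/target", home);
    snprintf(plan, sizeof plan, "%s/.plan", home);
    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && write(fd, "hello\n", 6) == 6 && fchmod(fd, mode) == 0
        && symlink(target, plan) == 0)
        n = read_plan(plan, buf, sizeof buf);
    if (fd >= 0)
        close(fd);
    unlink(plan), unlink(target), rmdir(home);
    return n;
}

int main(void) { printf("%zd %zd\n", plan_demo(0644), plan_demo(0600)); return 0; }
```

A symlink to a 0644 file is served exactly as a copy of it would be, while a symlink to a 0600 file is refused even when the reader itself could open it. A reader that already runs as an unprivileged account gets the same result from the kernel without this check.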


