.plan

Doug Gwyn gwyn at smoke.BRL.MIL
Fri Aug 25 04:49:30 AEST 1989


In article <1989Aug23.192105.21328 at ee.rochester.edu> deke at ee.rochester.edu (Dikran Kassabian) writes:
>In article <61 at towernet.UUCP> larrym at rigel.uucp (24121-E R Inghrim(3786)556) writes:
>>when I finger some users, they've got these plans with simple animated
>>figures jumping and beeping.
>these users have terminal-dependant cursor addressing and the like in
>their .plan file.

If "finger" really does dump the contents of .plan literally to a terminal,
then you could exploit that misfeature to force-feed one of the terminal's
programmable function keys, then dump it back.  That's a good way to run
commands under somebody else's UID!  This would be a security hole that
needs to be fixed.



More information about the Comp.unix.questions mailing list