> It's possible to make .plan or .project to be named pipes, which means that
> the act of reading them can cause code to be executed. If finger executes
> suid root, then said code can execute as root. The potential for mischief
> should be obvious.

could you explain this a bit? from my knowledge, trying to read a pipe does not execute any process. if there is nothing on the other end then there is simply no data available. and i also cannot imagine that finger executes the data read from the .plan and .project files - otherwise anybody could make his files trojan horses, which attack any user who fingers the evil user. did i miss something? just curious ...
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
If Windows is the answer, I want the problems back!
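The exchange above turns on what a program does when a user-controlled file such as .plan is really a FIFO. As an added example (not part of the original message and not finger's own source), this is one way a finger-like reader could refuse anything that is not a regular file before reading it; `open_regular_only` and `demo` are hypothetical names, and the sample files are constructed in a scratch directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `path` read-only, but only if it is a regular file.
 * Returns a descriptor, or -1 for a FIFO, symlink, device or missing file. */
int open_regular_only(const char *path)
{
    /* O_NONBLOCK: opening a FIFO that has no writer returns at once
     * instead of blocking the reader until someone attaches.
     * O_NOFOLLOW: refuse a symlink as the final path component. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -1;

    struct stat st;
    /* Check the open descriptor, not the path, so the file cannot be
     * swapped between the check and the read. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed sample: a regular ".plan" and a FIFO ".project".
 * Returns bit 0 set if .plan was accepted, bit 1 set if .project was. */
int demo(void)
{
    char dir[] = "/tmp/plandemoXXXXXX", plan[64], proj[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(plan, sizeof plan, "%s/.plan", dir);
    snprintf(proj, sizeof proj, "%s/.project", dir);
    FILE *f = fopen(plan, "w");
    if (!f) return -1;
    fputs("gone fishing\n", f);
    fclose(f);
    if (mkfifo(proj, 0600) != 0) return -1;

    int a = open_regular_only(plan), b = open_regular_only(proj);
    int result = (a >= 0 ? 1 : 0) | (b >= 0 ? 2 : 0);
    if (a >= 0) close(a);
    if (b >= 0) close(b);
    unlink(plan); unlink(proj); rmdir(dir);
    return result;
}

int main(void) { printf("accepted mask: %d\n", demo()); return 0; }
```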