FVWM: Re: Re: Security hole in FvwmM4 (?) and Manpage patch for FvwmM4

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: David S. Goldberg <dsg_at_linus.mitre.org>
Date: 04 Dec 1996 15:41:35 -0500

> But what if you _are_ root?

Then so what? If you, as root, are vulnerable to a trojan version of
m4, then either you've allowed someone write access to directories you
trust, you've allowed someone to write to your .profile (thus giving
you a PATH you didn't expect) or the attacker found some other way to
break root and won't be wasting her time putting a different version
of m4 in your path -- she'd just replace the standard one.

--
Dave Goldberg
Post: The Mitre Corporation\MS B305\202 Burlington Rd.\Bedford, MA 01730
Phone: 617-271-3887
Email: dsg_at_mitre.org
--
Visit the official FVWM web page at <URL:http://www.hpc.uh.edu/fvwm/>.
To unsubscribe from the list, send "unsubscribe fvwm" in the body of a
message to majordomo_at_hpc.uh.edu.
To report problems, send mail to fvwm-owner_at_hpc.uh.edu.

Received on Wed Dec 04 1996 - 14:42:00 GMT

This archive was generated by hypermail 2.3.0 : Mon Aug 29 2016 - 19:37:59 BST