[email protected] wrote:
> In old days, attackers used to create .project symbolic links to passwd
> and group files to get the list of login ids and groups via
> fingerd.

The list of uids is already public in the /etc/passwd file. That file is already world readable. Therefore it isn't clear to me how using another command makes this a vulnerability.

> I guess Sun had fixed this long back in Solaris. However,
> in pinky, I can use a symbolic link to /etc/passwd and /etc/group.

Do you have any references on the fix for this attack vector?

> $ cd <--- Go to home dir
> $ ln -s .project /etc/passwd

Obviously that should be switched. :-)

> $ pinky -l mylogin
>
> Pinky follows the symlink of .project. I guess Pinky should avoid .project
> if it is a symlink.

Compare this "attack":

    $ ln -s /etc/passwd .project
    $ cat .project

To this one:

    $ cat /etc/passwd

How is finger/pinky more vulnerable than cat?

Bob
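The check the original poster proposes (do not read ~/.project when it is a symlink) is easy to implement without a race, so here is an added example of it; this is not code from the thread or from coreutils' pinky. The constructed demo home directory, the file contents, the helper names read_dotfile_nofollow and demo_symlink_refused and the DOTFILE_* result codes are all assumptions for the illustration. The point of the check is the case Bob's reply leaves aside: when the program reading the dotfile runs with more privilege than the user who planted the link (a finger daemon rather than a plain cat), a followed symlink lets that user read a file through the daemon's credentials, so the reader should refuse links at the open() call rather than with a separate lstat() that can be raced.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Result codes for read_dotfile_nofollow() (assumed names for this example). */
enum { DOTFILE_OK = 0, DOTFILE_SYMLINK = 1, DOTFILE_NOT_REGULAR = 2, DOTFILE_ERROR = 3 };

/* Read up to buf_len - 1 bytes of a per-user dotfile such as ~/.project into
 * buf (NUL-terminated) and store the byte count in *out_len.
 *
 * O_NOFOLLOW makes the kernel refuse a symlink at the final path component
 * atomically (Linux reports ELOOP, some BSDs EMLINK), so there is no
 * lstat-then-open window for the file owner to race.  O_NOFOLLOW covers only
 * the last component; the caller must build the path from a trusted home
 * directory so an earlier symlinked directory is not an issue.  After the
 * open, fstat() confirms the object is a regular file, not a FIFO or device
 * that could block the daemon. */
static int read_dotfile_nofollow(const char *path, char *buf, size_t buf_len, size_t *out_len)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return (errno == ELOOP || errno == EMLINK) ? DOTFILE_SYMLINK : DOTFILE_ERROR;

    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return DOTFILE_NOT_REGULAR;
    }

    size_t total = 0;
    while (total < buf_len - 1) {
        ssize_t n = read(fd, buf + total, buf_len - 1 - total);
        if (n < 0) { close(fd); return DOTFILE_ERROR; }
        if (n == 0) break;
        total += (size_t)n;
    }
    buf[total] = '\0';
    close(fd);
    *out_len = total;
    return DOTFILE_OK;
}

/* Constructed demonstration (not part of pinky): a throw-away home directory
 * holding a genuine .project and a .plan that is a symlink to another file.
 * Returns 1 when the genuine file is read back intact and the symlink is
 * refused, 0 otherwise. */
static int demo_symlink_refused(void)
{
    char home[] = "/tmp/dotfile-demo-XXXXXX";
    if (mkdtemp(home) == NULL) return 0;

    char project[PATH_MAX], plan[PATH_MAX];
    snprintf(project, sizeof project, "%s/.project", home);
    snprintf(plan, sizeof plan, "%s/.plan", home);

    FILE *f = fopen(project, "w");
    if (f == NULL) return 0;
    fputs("working on coreutils\n", f);   /* constructed sample content */
    fclose(f);

    /* The link target stands in for any file the dotfile owner could not read
     * directly but the more privileged reader could. */
    if (symlink(project, plan) != 0) return 0;

    char real_buf[256], link_buf[256];
    size_t real_len = 0, link_len = 0;
    int real_rc = read_dotfile_nofollow(project, real_buf, sizeof real_buf, &real_len);
    int link_rc = read_dotfile_nofollow(plan, link_buf, sizeof link_buf, &link_len);

    unlink(plan);
    unlink(project);
    rmdir(home);

    return real_rc == DOTFILE_OK
        && real_len == 21
        && strcmp(real_buf, "working on coreutils\n") == 0
        && link_rc == DOTFILE_SYMLINK;
}

int main(void)
{
    printf("symlinked dotfile refused: %s\n", demo_symlink_refused() ? "yes" : "no");
    return 0;
}
```

Opening with O_NOFOLLOW rather than checking lstat() first is the part that matters: a separate lstat() leaves a window in which the owner can swap the regular file for a link between the check and the open, while the flag makes the kernel perform the check as part of the open itself.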
