On Tuesday 08 October 2013 02:02, Ryan Mallon wrote: > The wall applet is setuid and currently does no checking of the real > user's read access to the message file. This allows the wall applet to > be used to display files which are not readable by an unprivileged > user. For example: > > $ wall /etc/shadow > $ wall /proc/vmallocinfo > > Fix this by temporarily dropping privileges before opening the file.
Applied all three patches (with small modifications). Thanks! _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
