-----BEGIN PGP SIGNED MESSAGE----- On Thu, 5 Oct 2000, Alan KF LAU wrote:
> Just a question. I've tried it on my own server which is Debian 2.2.17 > woody(unstable) version. I got the following message when trying 2: > > ./troffrc:1: can't open `/etc/passwd' for appending: Permission denied > ./troffrc:2: no stream named 'passwds' > ./troffrc:3: no stream named 'passwds' > .... > > Is this bug already fixed in Debian 2.2 Woody(unstable)? Javier's email does specify that you need to be logged in as root. I assume you were not. There have been similar attacks to this in other packages for quite some time. I believe it would be reasonable for man to run setuid man, would it not? In fact, considering that there's a man user in /etc/passwd by default in Debian, why isn't it? noah _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQCVAwUBOdyC2IdCcpBjGWoFAQGhMAP+NYkg92psPK+lfyjj7SKlaPFGlxCbpBgX DUQIY3k8sp7zUPsvSp46SORPew/XSXcRM29PtjbkHS/l0ftmHxp7TG9wwM13/8Jx 2ovWsOihsgysliKXfOIt/gUXEG9qlu/D5UZaV2Xm+GbncxrQg5h/4nLmco99TY8I 4/19T5zTdMc= =QtdO -----END PGP SIGNATURE-----
