On Tuesday 08 October 2013 02:02:33 Ryan Mallon wrote:
The wall applet is setuid and currently does no checking of the real
user's read access to the message file. This allows the wall applet to
be used to display files which are not readable by an unprivileged
user. For example:
$ wall
On Tuesday 08 October 2013 02:02, Ryan Mallon wrote:
The wall applet is setuid and currently does no checking of the real
user's read access to the message file. This allows the wall applet to
be used to display files which are not readable by an unprivileged
user. For example:
$ wall
On Tuesday 08 October 2013 14:55:44 Denys Vlasenko wrote:
On Tuesday 08 October 2013 02:02, Ryan Mallon wrote:
The wall applet is setuid and currently does no checking of the real
user's read access to the message file. This allows the wall applet to
be used to display files which are not
The wall applet is setuid and currently does no checking of the real
user's read access to the message file. This allows the wall applet to
be used to display files which are not readable by an unprivileged
user. For example:
$ wall /etc/shadow
$ wall /proc/vmallocinfo
Fix this by