----- Original Message ----- From: Andres Salomon <[EMAIL PROTECTED]> To: Kevin <[EMAIL PROTECTED]> Cc: <debian-security@lists.debian.org> Sent: Monday, January 08, 2001 9:37 PM Subject: Re: 'export RESOLV_HOST_CONF= any file you want' local vulnerability
> try it w/ traceroute. lotsa fun, and it works > on mandrake, too. > > things like this make me glad i don't have to deal w/ untrusted > customers that have shell access... Well, there are plenty of webhosters outside, who grant cgi-bin (perl) or php access. Executing as the webserveruser should be no different to real shell-users. but i could not verify this problem with fping on debian potato.. cya Bjoern