> There is a bug in the `lib/site/userinfo.c' module of GNU finger version > 1.37 allowing any user on a system to execute arbitrary commands with gid > root from ~/.fingerrc. The problem is that GNU finger *first* changes its > userid thus giving away root privileges and *then* tries to change its gid > which will not succeed. > > Greetings, Thomas > > > [patch deleted] And it seems (from the lines in your patch) that the initgroups() call is missing, too. That would imply that the commands would inherit the supplementary group IDs from fingerd. The supplementary group ID set may be empty depending on the flavour/version of inetd, but it's at least begging for desaster. I haven't taken a closer look though. If I'm mistaken and the initgroups() is explicitely or implicitely there, I apologize. joerg -- Joerg Czeranski EMail czeranski@informatik.tu-clausthal.de Osteroeder Strasse 55 czeranski@rz.tu-clausthal.de D 38678 Clausthal-Zellerfeld WWW http://www.in.tu-clausthal.de/~injc/