Path: utzoo!attcan!uunet!wuarchive!brutus.cs.uiuc.edu!tut.cis.ohio-state.edu!purdue!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.questions
Subject: Re: .plan
Message-ID: <10814@smoke.BRL.MIL>
Date: 24 Aug 89 18:49:30 GMT
References: <61@towernet.UUCP> <1989Aug23.192105.21328@ee.rochester.edu>
Reply-To: gwyn@brl.arpa (Doug Gwyn)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 12

In article <1989Aug23.192105.21328@ee.rochester.edu> deke@ee.rochester.edu (Dikran Kassabian) writes:
>In article <61@towernet.UUCP> larrym@rigel.uucp (24121-E R Inghrim(3786)556) writes:
>>when I finger some users, they've got these plans with simple animated
>>figures jumping and beeping.
>these users have terminal-dependant cursor addressing and the like in
>their .plan file.

If "finger" really does dump the contents of .plan literally to a terminal,
then you could exploit that misfeature to force-feed one of the terminal's
programmable function keys, then dump it back. That's a good way to run
commands under somebody else's UID! This would be a security hole that
needs to be fixed.
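
An added example, not part of the original post and not code from any finger implementation: one way a finger-like program can avoid writing .plan bytes literally to the terminal is to re-encode every control byte in visible `cat -v` style before output. The name `sanitize_plan` and the sample .plan contents are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Encode one byte in cat -v style; returns new length, or len if out is full. */
static size_t put_safe(unsigned char c, char *out, size_t len, size_t cap)
{
    char buf[4];                      /* longest form is "M-^X" */
    size_t n = 0;
    int meta = c >= 0x80;             /* 8-bit range includes C1 controls */

    if (meta) { buf[n++] = 'M'; buf[n++] = '-'; c &= 0x7f; }
    if (c == 0x7f) {                  /* DEL */
        buf[n++] = '^'; buf[n++] = '?';
    } else if (c < 0x20 && (meta || (c != '\n' && c != '\t'))) {
        buf[n++] = '^'; buf[n++] = (char)(c + '@');   /* ESC becomes ^[ */
    } else {
        buf[n++] = (char)c;           /* printable ASCII, newline, tab */
    }
    if (len + n >= cap) return len;   /* keep one byte for the NUL */
    memcpy(out + len, buf, n);
    return len + n;
}

/* Hypothetical helper: make .plan bytes safe to write to a terminal. */
size_t sanitize_plan(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0) return 0;
    for (size_t i = 0; i < n; i++) {
        size_t next = put_safe(in[i], out, len, cap);
        if (next == len) break;       /* full: truncate, never overflow */
        len = next;
    }
    out[len] = '\0';
    return len;
}

int main(void)
{
    /* Constructed sample .plan: clear-screen sequence, bell, 8-bit CSI. */
    const unsigned char plan[] = "On vacation\x1b[2J\a" "\x9b" "1m until Monday\n";
    char out[128];
    sanitize_plan(plan, sizeof plan - 1, out, sizeof out);
    fputs(out, stdout);
    return 0;
}
```

With this filter the escape byte reaches the terminal as the two printable characters `^[`, so the terminal never interprets the sequence that follows it.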