[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Possible security problem in KHTML or KMail?
From:       Stephan Kulow <coolo () kde ! org>
Date:       2001-10-11 14:48:45
[Download RAW message or body]

On Thursday 11 October 2001 16:41, Chris Howells wrote:
> > From: Rob Kaper <cap@capsi.com>
> >
> > On Wed, Oct 10, 2001 at 09:14:59PM +0200, Ingo Klöcker wrote:
> > > <html><head></head><frameset><frame src="/etc/passwd"></frameset>
> > > <body></body></html>
> >
> > This is by no means a security risk. Local users have always been able to
> > read/display the /etc/passwd file.
>
> Yes; that's what shadow passwords are for :)

Nonsense. /etc/passwd is just an example and the list of users on a specific 
machine is already more information that what should be gathered from outside.

Greetings, Stephan

[prev in list] [next in list] [prev in thread] [next in thread]