On Mon, 03 Aug 2009 16:03:13 EDT, elliot_mb@xxxxxxxxxxxx said:

> VI. VENDOR RESPONSE
>
> Vendor was uninterested in fixing the issue.

Probably because PFF is usually run from a laptop or single-user workstation, and you need a shell on the system already for this exploit to work. So it's really not a big deal unless you're an insider who shouldn't have been trusted with an account on the machine in question, or you've also got *another* way to get access to the box.

> #include <sys/inotify.h>
> struct inotify_event e;
> n = inotify_init();
> w = inotify_add_watch(n, "/tmp/PFF", IN_CREATE);

Bonus points for using inotify.. but...

> * DONT HIRE NIGGERS, THEY BRING ONLY FAILURE.

Oddly enough, the guys in charge who brought the South a loss were all white...
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/