Comment 40 for bug 22052
Revision history for this message
|
|
#40 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Well if this allows arbitrary data to be fed into the file and later
be displayed by who or last then that data could be made to contain
escape sequences, and either hide other lines that would normally be
displayed (so you don't know someone has logged into the machine), or
output other malicious escape sequences (key rebindings, whatever).
Haven't tried it but it's a thought.
--
see shy jo