Path: utzoo!utgpu!watmath!clyde!att!ucbvax!husc6!rice!sun-spots-request From: JONESD@kcgl1.eng.ohio-state.edu (David Jones) Newsgroups: comp.sys.sun Subject: Re: Yet another finger hole Message-ID: <1086@accelerator.eng.ohio-state.edu> Date: 3 Dec 88 22:42:34 GMT References: <8811112032.AA22990@natinst.uucp> Sender: usenet@rice.edu Organization: Rice University, Houston, Texas Lines: 10 Approved: Sun-Spots@rice.edu Original-Date: 23 Nov 88 00:39:34 GMT X-Sun-Spots-Digest: Volume 7, Issue 36, message 2 of 12 I think the proper way to defeat use of symbolic links for .plan files is to have finger check that the file it opens is actually owned by the same uid as the user whose plan file it is supposed to be. This requires actual coding changes to the program, however, so it's not a very attractive solution. David L. Jones | Phone: (614) 292-6929 Ohio State Unviversity | Internet: 1971 Neil Ave. Rm. 406 | jonesd@kcgl1.eng.ohio-state.edu Columbus, OH 43210 | jones-d@eng.ohio-state.edu