I was surprised that the out of the box 'W' command on Linux provides so much information without needing any SUDO or admin permissions. In particular, the command shows the command line of each user's current process. This seems to be a huge hole as it could potentially show someone accessing a hidden file (for instance, the command 'vim .ProofThatTheMoonLandingWasFaked.txt'), plain text passwords (yes, I know that should never be an issue since plaintext passwords should never be entered but it still comes up), etc.
Does the out of the box 'W' command constitute a security hole in a system?
Aucun commentaire:
Enregistrer un commentaire