Re: Creating file on login

[Vishal <dhrakol () myrealbox com>]

Hi Fausto

Thursday, November 27, 2003, 6:34:46 AM, you wrote:


F>     I have a system that when one try to login it create a file with the 
F> name of the user that tried to log.
F>     The problem is that if the do not exists the system creates the file 
F> with the invalid user...
F>     Can we do some exploit in this case...??
F>     Is this problem dangerous...
F>     Fausto Catvalho

Many questions spring to mind. To start with:

1. What kind of system is it?
2. What kind of file is created? text/binary..what format?
3. Where is it created?
4. What are the default access controls on this particular location? And on the file
itself?
5. Is the system connected to a network? What kind of network? Who can access
this system?

This problem could have many many answers depending on context...


Cheers,

-- 
Vishal

 


---------------------------------------------------------------------------
----------------------------------------------------------------------------