Re: full disclosure

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Pug: "Re: (fwd) In reply to comments about new policy (fwd)"
• Previous message: Doug Siebert: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
• In reply to: Wes Morgan: "Re: full disclosure"
• Next in thread: G.J.W. Hagenaars: "/tmp/rlogind (was Re: full disclosure)"

>From: morgan@engr.uky.edu (Wes Morgan)
>
...text removed...
>
>ObBug: As shipped, AT&T SVR4 3.1 for the StarServer E creates logfiles
>	  /tmp/rlogind and /tmp/ftpd.  The rlogind logfile is harmless
>	  enough, but the ftpd logfile includes userids and passwords. By
>	  default, the files are world readable.
>
>Workaround: I could never find a patch from NCR/ATT.  I created an
>	       empty /tmp/ftpd during boot, protecting it at 600.  This
>	       does not prevent entries from being made, but it does keep
>	       the information (relatively) private.
>
>--Wes
>

   Your solution uses the fact that an existing /tmp/ftpd file is appended
to if it already exists.  Using this info a better way would be to edit
the binary and replace the /tmp/ftpd string with /dev/null.  After editing
don't forget to update your cryptographic checksum database.

-nms

• Next message: Pug: "Re: (fwd) In reply to comments about new policy (fwd)"
• Previous message: Doug Siebert: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
• In reply to: Wes Morgan: "Re: full disclosure"
• Next in thread: G.J.W. Hagenaars: "/tmp/rlogind (was Re: full disclosure)"