Re: full disclosure
Doug Siebert (nms hacksaw.rutgers.edu)
Wed, 30 Nov 1994 03:33:19 -0500
- Next message: Pug: "Re: (fwd) In reply to comments about new policy (fwd)"
- Previous message: Doug Siebert: "Re: [8lgm]-Advisory-14.UNIX.SCO-prwarn.12-Nov-1994"
- In reply to: Wes Morgan: "Re: full disclosure"
- Next in thread: G.J.W. Hagenaars: "/tmp/rlogind (was Re: full disclosure)"
>From: morganengr.uky.edu (Wes Morgan)
> ...text removed...
>
>ObBug: As shipped, AT&T SVR4 3.1 for the StarServer E creates logfiles
>       /tmp/rlogind and /tmp/ftpd. The rlogind logfile is harmless
>       enough, but the ftpd logfile includes userids and passwords. By
>       default, the files are world readable.
>
>Workaround: I could never find a patch from NCR/ATT. I created an
>            empty /tmp/ftpd during boot, protecting it at 600. This
>            does not prevent entries from being made, but it does keep
>            the information (relatively) private.
>
>--Wes
>

Your solution uses the fact that an existing /tmp/ftpd file is appended to
if it already exists. Using this info a better way would be to edit the
binary and replace the /tmp/ftpd string with /dev/null. After editing
don't forget to update your cryptographic checksum database.

-nms
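The binary edit suggested in the reply can be done in place because /tmp/ftpd and /dev/null are both nine bytes long, so no offsets in the file move. The following is an added example, not part of the original message: it patches only the exact NUL-terminated path string and produces the before and after digests for the checksum database. The function names and the sample bytes are hypothetical and constructed for illustration.

```python
import hashlib
import re

OLD = b"/tmp/ftpd"   # log path named in the thread
NEW = b"/dev/null"   # replacement suggested in the reply (same length)


def patch_path(image: bytes, old: bytes = OLD, new: bytes = NEW) -> bytes:
    """Return a copy of image with the exact C string `old` replaced by `new`."""
    if len(old) != len(new):
        # A different length would shift every later offset in the binary.
        raise ValueError("replacement must be the same length as the original")
    # Match the whole string only: not preceded by a printable byte (so
    # "/var/tmp/ftpd" is left alone) and followed by its NUL terminator
    # (so "/tmp/ftpd.old" is left alone).
    pattern = re.compile(rb"(?<![\x20-\x7e])" + re.escape(old) + rb"\x00")
    patched, hits = pattern.subn(lambda m: new + b"\x00", image)
    if hits == 0:
        raise ValueError("path string not found; nothing patched")
    return patched


def checksum_record(before: bytes, after: bytes) -> dict:
    """Digests to record in the integrity database after the edit."""
    return {
        "old_sha256": hashlib.sha256(before).hexdigest(),
        "new_sha256": hashlib.sha256(after).hexdigest(),
        "size_unchanged": len(before) == len(after),
    }


# Constructed sample standing in for the daemon binary (not real ftpd bytes).
SAMPLE = (b"\x7fELF\x01\x01" + b"\x00" * 8 + b"/tmp/ftpd\x00a+\x00"
          b"/tmp/ftpd.old\x00/var/tmp/ftpd\x00%s %s\n\x00")

if __name__ == "__main__":
    out = patch_path(SAMPLE)
    print(checksum_record(SAMPLE, out))
```

Run it against a copy of the binary, compare the two digests, and only then swap the patched file in and update the checksum database entry.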