Re: Linux NIS security problem hole and fix
Tim Chown (T.J.Chown@ecs.soton.ac.uk)
Fri, 8 Sep 1995 09:51:47 +0100
On Thu, 7 Sep 1995, Ken Weaverling wrote:

> I was told by someone that this hole is "well known" and has been discussed
> on the LINUX security list for a while now. A few people have emailed me
> telling me what it was too, so it is obvious that this is "known" about.

Here are my observations on Slackware 2.3/kernel 1.2.13.

I can say that logging in as + on SW2.3/1.2.13 doesn't give you anything bar a login refused, IF the passwd entry says just '+'. The latest SW says that just + is all you need to pull in entries with the latest libc in use that comes with it.

However, if the entry says '+::0:0:::' then you can login as root via telnet (well, you could if we didn't bar direct root logins), but just 'su +' will get you root of course.

Using an entry of '+:*:0:0:::' allows people to login but disallows the root hole.

Lovely :)

Cheers,
Tim
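An added example, not part of the original post: a shell/awk audit that sorts the literal `+` line of a passwd-format file into the three cases the message describes. The function names, output codes and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. audit_plus_entries and write_sample
# are hypothetical helper names; the output codes are made up here.

# Print "lineno:CODE:entry" for every line whose name field is exactly "+".
# Returns 1 if an entry matches the '+::0:0:::' form the post reports as a
# root login, 0 otherwise.
audit_plus_entries() {
    awk -F: '
    $1 == "+" {
        if (NF == 1)                        code = "BARE"      # just +
        else if ($2 == "" && $3 ~ /^0+$/) { code = "ROOT_HOLE"; bad = 1 }
        else if ($2 == "")                  code = "EMPTY_PW"  # no password, uid not 0
        else if ($2 == "*")                 code = "STARRED"   # the +:*:0:0::: form
        else                                code = "REVIEW"    # some other password field
        printf "%d:%s:%s\n", NR, code, $0
    }
    END { exit bad + 0 }' "$1"
}

# Constructed sample passwd lines (not taken from a real system).
write_sample() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/sh' \
        'tim:x:1001:100::/home/tim:/bin/sh' \
        '+::0:0:::' > "$1"
}

# Demo on the constructed sample; on a real host, audit a copy of /etc/passwd.
sample=$(mktemp)
write_sample "$sample"
audit_plus_entries "$sample" || echo "root-capable + entry found"
rm -f "$sample"
```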