Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1997_4

Bugtraq archives for 4th quarter (Oct-Dec) 1997: Re: digital unix 4.0 hole

Re: digital unix 4.0 hole

John McDonald (jmcdonalOSPREY.UNF.EDU)
Sun, 16 Nov 1997 02:36:58 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Edwin Li-Kai Liu: "Re: Pentium bug workaround in NetBSD (was Re: Intel Pentium"
Previous message: G P R: "Re: The overlapping fragment bug"
In reply to: Emmanuel Gadaix: "Re: digital unix 4.0 hole"
Next in thread: Paul Szabo: "Re: digital unix 4.0 hole"

On Sat, 15 Nov 1997, Emmanuel Gadaix wrote:

> Verified on 3.2 with dbx 3.11.8 but it dumps core as user, not as root.
> Won't overwrite files and won't write in a directory where user doesn't
> have permissions.

Ok.. I've had 6 people email and confirm that it does work for Digital
Unix 4.0, and 4.0B.

> PS
> As Tom Leffingwell <tomSBA.MIAMI.EDU> said yesterday :
> : DU doesn't allow +'s in /.rhosts, at least under C2, and I think so in
> : general.  It doesn't seem to work even if you specify a user, either.

We have the C2 security package installed under 4.0, and + + appears to
work fine. There is an option called NO_PLUS I think that can be set in
/etc/hosts.equiv that will globally prevent the + wildcard.

humble - jmcdonalunf.edu

Next message: Edwin Li-Kai Liu: "Re: Pentium bug workaround in NetBSD (was Re: Intel Pentium"
Previous message: G P R: "Re: The overlapping fragment bug"
In reply to: Emmanuel Gadaix: "Re: digital unix 4.0 hole"
Next in thread: Paul Szabo: "Re: digital unix 4.0 hole"