Date: Mon, 28 Jul 1997 12:52:39 -0700 (PDT) From: Vincent Poy <vince@mail.MCESTATE.COM> To: "Jonathan A. Zdziarski" <jonz@netrail.net> Cc: security@FreeBSD.ORG, "[Mario1-]" <mario1@PrimeNet.Com>, JbHunt <johnnyu@accessus.net> Subject: Re: security hole in bsd Message-ID: <Pine.BSF.3.95.970728125043.3844q-100000@mail.MCESTATE.COM> In-Reply-To: <Pine.BSF.3.95q.970728132405.4159B-100000@netrail.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 28 Jul 1997, Jonathan A. Zdziarski wrote: =)BTW: You said you didn't know how he hacked into your other system as he =)doesn't have an account on it. Do you have a .rhosts file in the root =)directory of the other server or a hosts.equiv file allowing the two to =)share root/other privileged logins between the two? As root he'd be able =)to su to anything. How about NFS/rdist permissions? There was no .rhosts file in root until he created it and the contents were just two +'s which I deleted the files afterwards but he still got back on. hosts.equiv is whatever FreeBSD shipped with, I never configure that file. Don't have NFS or rdist running either. Cheers, Vince - vince@MCESTATE.COM - vince@GAIANET.NET ________ __ ____ Unix Networking Operations - FreeBSD-Real Unix for Free / / / / | / |[__ ] GaiaNet Corporation - M & C Estate / / / / | / | __] ] Beverly Hills, California USA 90210 / / / / / |/ / | __] ] HongKong Stars/Gravis UltraSound Mailing Lists Admin /_/_/_/_/|___/|_|[____]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970728125043.3844q-100000>