From owner-freebsd-security  Tue Jul 16 16:44:03 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA14339
          for security-outgoing; Tue, 16 Jul 1996 16:44:03 -0700 (PDT)
Received: from rocky.mt.sri.com (rocky.mt.sri.com [206.127.76.100])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA14291
          for <freebsd-security@freebsd.org>; Tue, 16 Jul 1996 16:43:58 -0700 (PDT)
Received: (from nate@localhost) by rocky.mt.sri.com (8.7.5/8.7.3) id RAA27085; Tue, 16 Jul 1996 17:43:48 -0600 (MDT)
Date: Tue, 16 Jul 1996 17:43:48 -0600 (MDT)
Message-Id: <199607162343.RAA27085@rocky.mt.sri.com>
From: Nate Williams <nate@mt.sri.com>
To: Paul Danckaert <pauld@umbc.edu>
Cc: freebsd-security@freebsd.org
Subject: Re: [linux-security] sliplogin (fwd)
In-Reply-To: <Pine.SGI.3.91.960716185055.7842B-100000@umbc7.umbc.edu>
References: <Pine.SGI.3.91.960716185055.7842B-100000@umbc7.umbc.edu>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

[ Linux sliplogin bug ]

> Interesting.  The code is the same on FreeBSD, it looks like.  However, on
> the default distributed system, there isn't a /etc/sliphome directory,
> which is necessary for sliplogin to startup correctly.  Therefore the
> standard FreeBSD distribution dies out before it gets anywhere near the
> system command. If you do run slip off of your system however, its much
> more possible that bad things can happen.. 

Also, note the following:

revision 1.6
date: 1996/04/24 20:18:25;  author: pst;  state: Exp;  lines: +9 -0
Close a security hole in sliplogin.
If you use sliplogin as a user shell (in /etc/passwd) upgrade to this version.
Reviewed by:    bde, peter
Submitted by:   AUS CERT
Obtained from:  Linux sliplogin-2.02

So, even if you setup /etc/sliphome, your system won't be vulnerable.


Nate