Date:      Tue, 18 Jun 2002 18:08:53 -0300 (ART)
From:      Fernando Gleiser <fgleiser@cactus.fi.uba.ar>
To:        Alex Michlin <alex@delete.org>
Cc:        <freebsd-security@FreeBSD.ORG>
Subject:   RE: Disable Login
Message-ID:  <20020618175353.F68133-100000@localhost>
In-Reply-To: <Pine.BSF.4.40.0206181604280.6845-100000@krypton.delete.org>

On Tue, 18 Jun 2002, Alex Michlin wrote:

> I remember seeing a FreeBSD advisory on a bug in login.  Now, for the
> real story... What is behind this is: I just downloaded the latest Saint
> version and ran it against a server.  It said there login was vulnerable.
> I'm not sure how it knows if there is a bug or just information (but it is
> listed under the critical section).

Saint checks whether the login *service* (512/tcp, a.k.a. rlogin) is running,
it doesn't check for vulnerabilities in the login *program* (/usr/bin/login).

rlogin is insecure because it sends everything in cleartext and may be
vulnerable to IP spoofing if you use .rhosts for authentication.
Just comment it out in inetd.conf and use ssh instead.


			Fer

>
> Thanks again,
>
> Alex
>
> On Tue, 18 Jun 2002, Eric F Crist wrote:
>
> > What kind of a bug in login are you seeing?  If you completely disable
> > the login utility, you would not be able to logon locally, which could
> > make an upgrade difficult.  If you simply want to disable logon for
> > specific users, simply set their shell to /etc/nologin or some other
> > non-existent file/shell.
> >
> > HTH
> >
> > Eric F Crist
> > President/Sys Admin
> > AdTech Integrated Systems, Inc
> > http://www.adtechintegrated.com
> >
> >
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Alex Michlin
> > Sent: Tuesday, June 18, 2002 2:23 PM
> > To: freebsd-security@FreeBSD.ORG
> > Subject: Disable Login
> >
> > I have a FreeBSD 4.2 server with a bug in login.  I cannot reboot the
> > server to upgrade the os (make world...).  As a temporary fix, can I
> > chmod
> > 000 logon or possibly even remove it completely?  Should everything
> > function correctly? (OpenSSH mainly)?
> >
> > TIA,
> >
> > Alex


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
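
An added example, not part of the original message: a small sh audit for the inetd.conf entry the reply says to comment out. It goes slightly beyond the message by also flagging the sibling `shell` and `exec` r-services; the sample file and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in inetd.conf layout (not taken from the thread):
# service  socket  proto  wait  user  server-program  arguments
sample_inetd_conf() {
cat <<'EOF'
#ftp     stream  tcp  nowait  root  /usr/libexec/ftpd     ftpd -l
daytime  stream  tcp  nowait  root  internal
login    stream  tcp  nowait  root  /usr/libexec/rlogind  rlogind
#shell   stream  tcp  nowait  root  /usr/libexec/rshd     rshd
exec     stream  tcp  nowait  root  /usr/libexec/rexecd   rexecd
EOF
}

# Print "lineno:service" for every active (uncommented) r-service entry.
# A commented entry has "#..." as its first field, so it never matches.
enabled_rservices() {
    awk '$1 ~ /^(login|shell|exec)$/ { print NR ":" $1 }' "$1"
}

# Write a copy of the file to stdout with the active r-service entries
# commented out; every other line is passed through unchanged.
harden_inetd_conf() {
    awk '$1 ~ /^(login|shell|exec)$/ { print "#" $0; next } { print }' "$1"
}

# Demonstration on the constructed sample; the real /etc/inetd.conf is
# never touched.
demo() {
    tmp=$(mktemp) || return 1
    sample_inetd_conf > "$tmp"
    echo "active r-services before:"
    enabled_rservices "$tmp"
    harden_inetd_conf "$tmp" > "$tmp.new"
    echo "active r-services after: $(enabled_rservices "$tmp.new" | wc -l)"
    rm -f "$tmp" "$tmp.new"
}

demo
```

On a real host the edited inetd.conf only takes effect once inetd re-reads it, which it does on SIGHUP.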