From owner-freebsd-security Wed Nov 15 13:52:18 2000 Delivered-To: freebsd-security@freebsd.org Received: from citusc17.usc.edu (citusc17.usc.edu [128.125.38.177]) by hub.freebsd.org (Postfix) with ESMTP id 1027C37B4CF; Wed, 15 Nov 2000 13:52:13 -0800 (PST) Received: (from kris@localhost) by citusc17.usc.edu (8.11.1/8.11.1) id eAFLrW622584; Wed, 15 Nov 2000 13:53:32 -0800 (PST) (envelope-from kris) Date: Wed, 15 Nov 2000 13:53:32 -0800 From: Kris Kennaway To: Rossen Raykov Cc: kris@FreeBSD.ORG, security@FreeBSD.ORG Subject: Re: problem using sysinstall Message-ID: <20001115135331.A22524@citusc17.usc.edu> References: <003f01c04f3e$3c77e170$4c00000a@sage> <20001115125148.A21232@citusc17.usc.edu> <20001115131226.A21677@citusc17.usc.edu> <00d301c04f4d$e9802760$4c00000a@sage> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <00d301c04f4d$e9802760$4c00000a@sage>; from rraykov@sageian.com on Wed, Nov 15, 2000 at 04:49:21PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 15, 2000 at 04:49:21PM -0500, Rossen Raykov wrote: > Hi, >=20 > I'm not allowing remote root login anywhere! > I'm doing ssh admin_user_name followed by su to root from this account. OK. > I'm curious for the answer of my second question: > Is it normal to receive the command prompt for an account without a shell= in > /etc/passwd? The shell must be listed in /etc/shells. > Also there ware lots of bugs in the bin distribution - top, telnet ... is > there a way/tool to reinstall those binaries remote. > It will be fine if all binaries are reinstalled. Binary patches aren't currently produced - there are difficulties in creating and maintaining such a system which no-one has overcome yet. Rebuild the utility from source on another machine and copy it over. > How you will upgrade the binaries if you don't have at least one more box > with the same OS? You can't, easily. However upgrading to a -stable snapshot after the problem has been fixed will cover it. Kris --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjoTBdsACgkQWry0BWjoQKVH1ACfYnTly0xu9CSbRmAwraEQFO5L R2QAoJ/kYIcH64QzsyUH7LEKuFEOoU+T =nXPV -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message