Date: Fri, 16 Oct 1998 16:15:58 -0500
From: "Matthew D. Fuller" <fullermd@futuresouth.com>
To: Marius Bendiksen <Marius.Bendiksen@scancall.no>
Cc: andrew@squiz.co.nz, security@FreeBSD.ORG
Subject: Re: X allows ordinary user to read first line of any file
Message-ID: <19981016161558.25098@futuresouth.com>
In-Reply-To: <3.0.5.32.19981016161322.00920830@mail.scancall.no>; from Marius Bendiksen on Fri, Oct 16, 1998 at 04:13:22PM +0200
References: <Pine.BSF.4.01.9810161756550.706-100000@aniwa.sky> <3.0.5.32.19981016161322.00920830@mail.scancall.no>

On Fri, Oct 16, 1998 at 04:13:22PM +0200, Marius Bendiksen woke me up to tell me:
> >I'm sure there's other files where this can be a problem, but in the case
> >of the password file it seems wise to have a dummy entry as the first line
> >of the master.passwd file.
>
> You could of course just delete the file, if you're concerned that they're
> going to crack the password. If you enforce a sound password policy, they
> won't be able to get anything from that.

You could of course just strip the setuid bit from the server, and use xdm
instead of xinit.
On a single user machine (single user on console, that is), I'd just use
startx, but then again, most workstations are limited to console access.
On a multiple user machine (lab, etc), xdm seems to be a better choice
anyway.

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
| FreeBSD; the way computers were meant to be |
* "The only reason I'm burning my candle at both ends, is *
| that I haven't figured out how to light the middle yet."|
* fullermd@futuresouth.com :-} MAtthew Fuller *
| http://keystone.westminster.edu/~fullermd |
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
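
The mitigation suggested in this message (strip the setuid bit from the X server), as an added example that is not part of the original e-mail or of FreeBSD: a POSIX sh audit-and-strip helper that verifies the result. The function names are hypothetical and the message names no server path, so the caller supplies the directory and file to check.

```sh
#!/bin/sh
# Added example; function names are hypothetical. No path here comes from
# the original message: pass in your own X server location.

# list_setuid DIR: print every regular file under DIR with the setuid bit.
# -type f skips symlinks, so a link such as "X" is reported as the real
# server binary it points at, not as the link name.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null
}

# strip_setuid FILE: clear the setuid bit on FILE and confirm it is gone.
# FILE may be a symlink; chmod and the -f/-u tests all follow it.
# Returns 0 if the bit is clear afterwards, 1 if it could not be cleared,
# 2 if FILE is missing or not a regular file.
strip_setuid() {
    target=$1
    if [ ! -f "$target" ]; then
        echo "skip: $target is not a regular file" >&2
        return 2
    fi
    if [ ! -u "$target" ]; then
        echo "ok: $target is not setuid"
        return 0
    fi
    chmod u-s "$target" || return 1
    if [ -u "$target" ]; then
        # Seen when the file is immutable or a package hook restores modes.
        echo "fail: $target is still setuid" >&2
        return 1
    fi
    echo "stripped: $target"
}
```

Once the bit is cleared, the server has to be started by something that already runs as root, which is the role xdm plays in the suggestion above; re-run `list_setuid` after package upgrades, since reinstalling the server can restore the original mode.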
