Date:      Fri, 16 Oct 1998 21:59:38 -0500 (CDT)
From:      "Yong S.  Yi" <ysyi@async.org>
To:        andrew@squiz.co.nz
Cc:        security@FreeBSD.ORG
Subject:   Re: X allows ordinary user to read first line of any file
Message-ID:  <Pine.LNX.3.96.981016213908.28907A-100000@azazel.async.org>
In-Reply-To: <19981017095244.E24991@rf900.physics.usyd.edu.au>

>On Fri, Oct 16, 1998 at 06:08:02PM +1300, Andrew McNaughton wrote:
>
>found this on http://www.hoobie.net/security/exploits/
>
>joeuser@host$ X -config /etc/master.passwd
>Unrecognized option: root:yd0Rj.v.r1wKA:0:0::0:0:Charlie
>use: X [:<display>] [option]
>.
>.
>.
>
>I'm sure there's other files where this can be a problem, but in the case
>of the password file it seems wise to have a dummy entry as the first line
>of the master.passwd file.

On Fri, Oct 16, 1998 at 10:42PM +1300, Andrew McNaughton wrote:

>Yes it is 3.3.1, and yes the problem is with XFree86 rather than FreeBSD
>itself. XFree86 came with my version of FreeBSD 2.2.5.  Perhaps that's

So upgrade your XFree86 server (and any other components you wish to
upgrade).

>old enough to let it go, but this list regularly seems to cover software

"let it go"? This problem was discovered+fixed months ago. Some possible
things to do: upgrade your server (and/or XFree86 distribution), install a
wrapper for the server, or just delete the passwd file
(Marius.Bendiksen@scancall.no). No need to "let it go" -- it's already
been dealt with.

>used by FreeBSD users outside of the operating system itself.  Seemed

Yup. But this issue has been discussed (same crap that's going through the
thread right now) many times, on various mailing lists and usenet
newsgroups. Do a websearch for it... find out more if interested.

>worth a comment. 

Sure.

--
Yong S. Yi
Email: ysyi@hybrid.async.org
Phone: 1.256.881.8821
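
Added example (not part of the original message, and not XFree86 or FreeBSD code): one form the "wrapper for the server" mitigation mentioned above could take, a small setuid-root front end that refuses -config from non-root callers before executing the real server. The server path is a placeholder, and the deployment it assumes (the real binary stripped of its setuid bit and executable only by root, so the wrapper is the only way in) is an assumption, as is the function name first_denied_arg.

```c
/* Argument-filtering wrapper for a setuid X server (added example). */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Placeholder path (assumption): the real server binary, with its
 * setuid bit removed and execute permission restricted to root. */
#define REAL_SERVER "/path/to/real/X"

/* Options that make the server open a caller-named file. Only -config
 * appears in the thread; extend the list for your server version. */
static const char *const file_opts[] = { "-config", NULL };

/* Return the index of the first argument a non-root caller may not
 * pass, or 0 if the command line is acceptable. */
int first_denied_arg(uid_t ruid, int argc, char *const argv[])
{
    if (ruid == 0)
        return 0;                       /* root may name any file */
    for (int i = 1; i < argc; i++)
        for (int j = 0; file_opts[j] != NULL; j++)
            if (strcmp(argv[i], file_opts[j]) == 0)
                return i;
    return 0;
}

int main(int argc, char *argv[])
{
    /* Fixed environment so nothing caller-controlled reaches the server. */
    static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };
    /* getuid() is the real uid: the invoking user, not the setuid owner. */
    int bad = first_denied_arg(getuid(), argc, argv);

    if (bad) {
        fprintf(stderr, "Xwrapper: option %s is restricted to root\n",
                argv[bad]);
        return 1;
    }
    execve(REAL_SERVER, argv, clean_env);
    perror(REAL_SERVER);                /* reached only if execve failed */
    return 127;
}
```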

