Date: Tue, 7 Jul 1998 18:45:10 -0400 From: Nathan Dorfman <nathan@rtfm.net> To: Joe Greco <jgreco@solaria.sol.net> Cc: ports@FreeBSD.ORG Subject: Re: Patch breaks tripwire security paradigm Message-ID: <19980707184510.A22502@rtfm.net> In-Reply-To: <199807071917.OAA02914@aurora.sol.net>; from Joe Greco on Tue, Jul 07, 1998 at 02:17:45PM -0500 References: <199807071632.MAA20346@limbo.rtfm.net> <199807071917.OAA02914@aurora.sol.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jul 07, 1998 at 02:17:45PM -0500, Joe Greco wrote: <snip> > To make a long story short, it wasn't broken, those files are listed for > a reason, /root is already protected, and this patch substantially weakens > single-user security. It's Wrong. Kill it dead. You're right about sh -- it will read /.profile instead of /root/.profile when you're booting single-user. I just took down my machine to find out for myself, and was barely able to reconnect--lame ISP :>. Anyway, csh doesn't seem to execute any .cshrc or .login in single-user mode. Also, when in single-user mode, .rhosts and .forward probably don't mean all that much. As for .login, I didn't try and don't want to battle with PPP again. If csh won't read its startup files, I doubt it reads .logout... > ------------------------------------------------------------------------------- > Joe Greco - Systems Administrator jgreco@ns.sol.net > Solaria Public Access UNIX - Milwaukee, WI 414/342-4847 -- ________________ ___________________________________________ / Nathan Dorfman \ / "My problems start when the smarter bears / nathan@rtfm.net \/ and the dumber visitors intersect." / finger for PGP key \ Steve Thompson, Yosemite wildlife biologist To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980707184510.A22502>