Date: Thu, 20 Mar 1997 13:26:25 -0500 (EST)
From: Security Administrator <sadmin@roundtable.cif.rochester.edu>
To: steve@vic.cioe.com (Steve Ames)
Cc: freebsd-security@freebsd.org (FreeBSD Security)
Subject: Re: rdist exploitation
Message-ID: <199703201826.NAA06646@roundtable.cif.rochester.edu>
In-Reply-To: <199703192223.RAA13287@vic.cioe.com> from "Steve Ames" at Mar 19, 97 05:23:21 pm

> Someone I know just sent me a snippet of C code to exploit rdist under
> FreeBSD... he used it to obtain the master.passwd file.
>
> Is this a known security hole and what's the plug?
>
> -Steve

As far as I know, rdist is still broken. Your best bet is to remove the
world executable permissions on the program and only allow root/bin to
run it. That may cause a problem if you are trying to run the program
from afar in an attempt to install something in your local machine.

JP

--
System Security Administrator
Computer Interest Floor
University of Rochester
Rochester, NY 14627
sadmin@roundtable.cif.rochester.edu