From owner-freebsd-security Thu Mar 20 10:26:41 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA28621 for security-outgoing; Thu, 20 Mar 1997 10:26:41 -0800 (PST) Received: from roundtable.cif.rochester.edu (sadmin@roundtable.cif.rochester.edu [128.151.220.14]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA28613 for ; Thu, 20 Mar 1997 10:26:38 -0800 (PST) Received: (from sadmin@localhost) by roundtable.cif.rochester.edu (8.8.5/8.8.3) id NAA06646; Thu, 20 Mar 1997 13:26:25 -0500 (EST) From: Security Administrator Message-Id: <199703201826.NAA06646@roundtable.cif.rochester.edu> Subject: Re: rdist exploitation To: steve@vic.cioe.com (Steve Ames) Date: Thu, 20 Mar 1997 13:26:25 -0500 (EST) Cc: freebsd-security@freebsd.org (FreeBSD Security) In-Reply-To: <199703192223.RAA13287@vic.cioe.com> from "Steve Ames" at Mar 19, 97 05:23:21 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > > > Someone I know just sent me a snippet of C code to exploit rdist under > FreeBSD... he used it to obtain the master.passwd file. > > Is this a known security hold and what's the plug? > > -Steve As far as I know, rdist is still broken. Your best bet is to remove the world executable permissions on the program and only allow root/bin to run it. That may cause a problem if you are trying to run the program from afar in an attempt to install something in your local machine. JP -- System Security Administrator Computer Interest Floor University of Rochester Rochester, NY 14627 sadmin@roundtable.cif.rochester.edu