From owner-freebsd-security Fri Sep 21 4:38:50 2001
Date: Fri, 21 Sep 2001 12:44:10 +0100
From: Marc Rogers
To: FreeBSD-Security@FreeBSD.ORG
Subject: login_conf vulnerability.
Message-ID: <20010921124410.D99287@shady.org>

Afternoon all,

For those of you who haven't gotten around to patching login_cap.c to fix the OpenSSH login class exploit recently released, I have a quick fix that should be good enough to stop pests reading files on your system, such as master.passwd.

Using vipw, add all users to a login class that has been defined in /etc/login.conf. For most people, simply adding the user to "standard" will suffice:

    bob:xxxxxxxxxxxxx:1062:1062::0:0:bob t builder:/home/bob:/usr/local/bin/bash

should be changed to:

    bob:xxxxxxxxxxxxx:1062:1062:standard:0:0:bob t builder:/home/bob:/usr/local/bin/bash

which corresponds to:

    standard:\
            :tc=default:

in /etc/login.conf.

This has been tested and found to prevent the exploit in 4.0, 4.1, 4.3 and 4.4-RC.

Yours,

Marc Rogers
Technical Director
European Data Corporation
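The workaround above is a manual vipw edit per account. The script below is an added example (not part of Marc's mail and not a FreeBSD tool) that does the same audit over a master.passwd-format file: it lists accounts whose login-class field (field 5) is empty, emits a copy with that field set to a class of your choice, and checks that the class is actually defined in a login.conf-format file, since a class name that does not exist in login.conf is worth nothing. The passwd and login.conf samples are constructed for the example; on a real system you would still apply the rewritten lines through vipw so that pwd_mkdb regenerates the password databases.

```sh
#!/bin/sh
# Added example: audit and fix empty login-class fields in master.passwd-style
# data. Field layout (colon separated):
#   name:passwd:uid:gid:class:change:expire:gecos:home:shell
# Nothing here writes to /etc; the caller feeds the output to vipw by hand.

# Print the names of accounts whose class field (field 5) is empty.
#   $1: path to a file in master.passwd format
empty_class_users() {
    awk -F: '$5 == "" { print $1 }' "$1"
}

# Print a copy of the file with every empty class field set to a class.
#   $1: path to a file in master.passwd format
#   $2: class name (defaults to "standard", as in the mail)
assign_class() {
    awk -F: -v OFS=: -v cls="${2:-standard}" '$5 == "" { $5 = cls } { print }' "$1"
}

# Succeed only if the class is defined in a login.conf-format file, i.e. a
# line starts with the class name followed by ":" or by "|" (alias list).
#   $1: path to a file in login.conf format
#   $2: class name
class_defined() {
    grep -Eq "^$2[:|]" "$1"
}

# Constructed sample data for the example (not real system files).
SAMPLE_PASSWD=$(mktemp)
SAMPLE_LOGIN_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_PASSWD" "$SAMPLE_LOGIN_CONF"' EXIT

cat > "$SAMPLE_PASSWD" <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
bob:xxxxxxxxxxxxx:1062:1062::0:0:bob t builder:/home/bob:/usr/local/bin/bash
alice:xxxxxxxxxxxxx:1063:1063:staff:0:0:alice:/home/alice:/bin/sh
EOF

cat > "$SAMPLE_LOGIN_CONF" <<'EOF'
default:\
	:passwd_format=md5:\
	:copyright=/etc/COPYRIGHT:

standard:\
	:tc=default:
EOF

# Refuse to hand out a class that login.conf does not define.
if class_defined "$SAMPLE_LOGIN_CONF" standard; then
    echo "accounts with no login class:"
    empty_class_users "$SAMPLE_PASSWD"
    echo "rewritten entries (review, then apply with vipw):"
    assign_class "$SAMPLE_PASSWD" standard
else
    echo "class 'standard' is not defined in login.conf" >&2
fi
```

The audit deliberately treats only an empty field as a problem; an account already in a class (alice, above) is left alone. Run `class_defined` against the real /etc/login.conf before rewriting anything, and remember that after editing with vipw the change is only live once pwd_mkdb has rebuilt /etc/pwd.db and /etc/spwd.db, which vipw does for you.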