Date: Fri, 21 Sep 2001 16:02:43 +0300 From: Peter Pentchev <roam@ringlet.net> To: Rob Andrews <rob@cyberpunkz.org> Cc: Marc Rogers <marcr@shady.org>, FreeBSD-Security@FreeBSD.ORG Subject: Re: login_conf vulnerability. Message-ID: <20010921160243.C619@ringworld.oblivion.bg> In-Reply-To: <20010921075540.B71120@switchblade.cyberpunkz.org>; from rob@cyberpunkz.org on Fri, Sep 21, 2001 at 07:55:40AM -0500 References: <20010921124410.D99287@shady.org> <20010921154834.B619@ringworld.oblivion.bg> <20010921075540.B71120@switchblade.cyberpunkz.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Sep 21, 2001 at 07:55:40AM -0500, Rob Andrews wrote: > On Fri, Sep 21, 2001 at 03:48:34PM +0300, Peter Pentchev wrote: > > Correct me if I'm wrong, but IMHO this will only stop cluebies who do > > not take the time to look and see just *why* the 'default' override > > does not work. What happens when they change their .login.conf file > > and override the 'standard' login class instead? > > Users cannot change their login class on the system with .login.conf, > they can only affect certain things such as path statements and such. > > Try it yourself and see.. :) Yes, but they can override them for whichever class they choose to specify in their own .login.conf. Venglin's BugTraq post gave as an example a user .login.conf file consisting of: default:\ :copyright=/etc/master.passwd: This overrides the 'default' login class; if the sysadmin changes the user's login class to 'standard', then what is there to stop the user from doing the following? standard:\ :copyright=/etc/master.passwd: G'luck, Peter -- because I didn't think of a good beginning of it. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010921160243.C619>