From owner-freebsd-hackers  Wed Jul 10  5:35:15 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8674B37B400
	for <freebsd-hackers@FreeBSD.ORG>; Wed, 10 Jul 2002 05:35:13 -0700 (PDT)
Received: from icomag.de (ns.icomag.de [195.227.115.162])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4184943E42
	for <freebsd-hackers@FreeBSD.ORG>; Wed, 10 Jul 2002 05:35:12 -0700 (PDT)
	(envelope-from bgd@icomag.de)
Received: from localhost (bgd@localhost)
	by icomag.de (8.11.3/8.11.3) with ESMTP id g6ACUJv89323
	for <freebsd-hackers@FreeBSD.ORG>; Wed, 10 Jul 2002 14:30:22 +0200 (CEST)
	(envelope-from bgd@icomag.de)
Date: Wed, 10 Jul 2002 14:30:19 +0200 (CEST)
From: Bogdan TARU <bgd@icomag.de>
X-X-Sender:  <bgd@fw.cgn.icom>
To: <freebsd-hackers@FreeBSD.ORG>
Subject: security problem in sysctl?
Message-ID: <20020710142627.F89292-100000@fw.cgn.icom>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


	Hi guys,

 I have just rebooted my machine, and immediately after boot I have run
'sysctl -a' as an usual user. Well, in 'kern.msgbuf' I have found the
whole master.passwd file, with combinations of usernames/passwords. Isn't
that a security threat?

 bogdan

----------------------------
iCom Media AG
Kirchweg 36
Koln, 50858
Germany

Phone: +49-(0)221-485-689-16
Fax  : +49-(0)221-485-689-20
Mobile:+49-(0)173-906-46-01


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message