From owner-freebsd-security Mon Jul 28 10:26:07 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id KAA19233 for security-outgoing; Mon, 28 Jul 1997 10:26:07 -0700 (PDT) Received: from netrail.net (netrail.net [205.215.10.3]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA19226 for ; Mon, 28 Jul 1997 10:26:05 -0700 (PDT) Received: from localhost (jonz@localhost) by netrail.net (8.8.6/8.8.6) with SMTP id NAA04379 for ; Mon, 28 Jul 1997 13:25:24 GMT Date: Mon, 28 Jul 1997 13:25:24 +0000 (GMT) From: "Jonathan A. Zdziarski" To: security@freebsd.org Subject: security hole in bsd Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk BTW: You said you didn't know how he hacked into your other system as he doesn't have an account on it. Do you have a .rhosts file in the root directory of the other server or a hosts.equiv file allowing the two to share root/other privileged logins between the two? As root he'd be able to su to anything. How about NFS/rdist permissions? ------------------------------------------------------------------------- Jonathan A. Zdziarski NetRail Incorporated Server Engineering Manager 230 Peachtree St. Suite 500 jonz@netrail.net Atlanta, GA 30303 http://www.netrail.net (888) - NETRAIL -------------------------------------------------------------------------