From owner-freebsd-hackers Fri Jul 12 15:49:38 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5676137B400 for ; Fri, 12 Jul 2002 15:49:32 -0700 (PDT) Received: from parhelion.firedrake.org (parhelion.firedrake.org [212.135.138.219]) by mx1.FreeBSD.org (Postfix) with ESMTP id E746543E31 for ; Fri, 12 Jul 2002 15:49:31 -0700 (PDT) (envelope-from float@firedrake.org) Received: from float by parhelion.firedrake.org with local (Exim 3.35 #1 (Debian)) id 17T7t1-0007qb-00; Fri, 12 Jul 2002 22:23:35 +0100 Date: Fri, 12 Jul 2002 22:23:35 +0100 To: Bogdan TARU Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: security problem in sysctl? Message-ID: <20020712212335.GA29890@parhelion.firedrake.org> References: <20020710142627.F89292-100000@fw.cgn.icom> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020710142627.F89292-100000@fw.cgn.icom> User-Agent: Mutt/1.3.28i From: void Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, Jul 10, 2002 at 02:30:19PM +0200, Bogdan TARU wrote: > > Hi guys, > > I have just rebooted my machine, and immediately after boot I have run > 'sysctl -a' as an usual user. Well, in 'kern.msgbuf' I have found the > whole master.passwd file, with combinations of usernames/passwords. Isn't > that a security threat? Do you know how it got in there in the first place? I'd say that's the security problem. -- Ben "An art scene of delight I created this to be ..." -- Sun Ra To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message