Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 13 Jul 2002 04:04:02 +0200
From:      Bernd Walter <ticso@cicely5.cicely.de>
To:        void <float@firedrake.org>
Cc:        Bogdan TARU <bgd@icomag.de>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: security problem in sysctl?
Message-ID:  <20020713020401.GU63545@cicely5.cicely.de>
In-Reply-To: <20020712212335.GA29890@parhelion.firedrake.org>
References:  <20020710142627.F89292-100000@fw.cgn.icom> <20020712212335.GA29890@parhelion.firedrake.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 12, 2002 at 10:23:35PM +0100, void wrote:
> On Wed, Jul 10, 2002 at 02:30:19PM +0200, Bogdan TARU wrote:
> > 
> > 	Hi guys,
> > 
> >  I have just rebooted my machine, and immediately after boot I have run
> > 'sysctl -a' as an usual user. Well, in 'kern.msgbuf' I have found the
> > whole master.passwd file, with combinations of usernames/passwords. Isn't
> > that a security threat?
> 
> Do you know how it got in there in the first place?  I'd say that's the
> security problem.

I would asume something like editing the passwd in single use mode.
kern.msgbuf should be closed for non root users - IMO.

-- 
B.Walter              COSMO-Project         http://www.cosmo-project.de
ticso@cicely.de         Usergroup           info@cosmo-project.de


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020713020401.GU63545>