Date: Sat, 13 Jul 2002 04:04:02 +0200 From: Bernd Walter <ticso@cicely5.cicely.de> To: void <float@firedrake.org> Cc: Bogdan TARU <bgd@icomag.de>, freebsd-hackers@FreeBSD.ORG Subject: Re: security problem in sysctl? Message-ID: <20020713020401.GU63545@cicely5.cicely.de> In-Reply-To: <20020712212335.GA29890@parhelion.firedrake.org> References: <20020710142627.F89292-100000@fw.cgn.icom> <20020712212335.GA29890@parhelion.firedrake.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 12, 2002 at 10:23:35PM +0100, void wrote: > On Wed, Jul 10, 2002 at 02:30:19PM +0200, Bogdan TARU wrote: > > > > Hi guys, > > > > I have just rebooted my machine, and immediately after boot I have run > > 'sysctl -a' as an usual user. Well, in 'kern.msgbuf' I have found the > > whole master.passwd file, with combinations of usernames/passwords. Isn't > > that a security threat? > > Do you know how it got in there in the first place? I'd say that's the > security problem. I would asume something like editing the passwd in single use mode. kern.msgbuf should be closed for non root users - IMO. -- B.Walter COSMO-Project http://www.cosmo-project.de ticso@cicely.de Usergroup info@cosmo-project.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020713020401.GU63545>