NetBSD Problem Report #6126
Received: (qmail-queue invoked from smtpd); 9 Mar 1997 13:20:07 -0000
Message-Id: <199703091417.PAA14553@erik-be.uni-c.dk>
Date: Sun, 9 Mar 1997 15:17:10 +0100 (MET)
From: Erik Bertelsen <erik@erik-be.uni-c.dk>
Reply-To: erik@sockdev.uni-c.dk
To: gnats-bugs@gnats.netbsd.org
Subject: Recent /usr/src/etc/aliases conflict w/ /etc/security
X-Send-Pr-Version: 3.95
>Number: 6126
>Category: security
>Synopsis: Recent /usr/src/etc/aliases conflict w/ /etc/security
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: gnats-admin
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Sep 08 13:05:00 +0000 1998
>Closed-Date: Tue Sep 08 20:18:10 +0000 1998
>Last-Modified: Tue Sep 08 20:18:50 +0000 1998
>Originator: Erik Bertelsen
>Release: NetBSD-current , 8 March 1997
>Organization:
UNI-C
>Environment:
System: NetBSD erik-be.uni-c.dk 1.2C NetBSD 1.2C (ERIKBE) #16: Mon Mar 3 09:30:20 MET 1997 erik@erik-be.uni-c.dk:/sw/NetBSD/src/sys/arch/i386/compile/ERIKBE i386
>Description:
/etc/security will diagnose the presence of a decode alias, but
a few days ago, the distributed /etc/aliases had this alias
added, probably to be able to detect and trap attacks trying
to abuse this alias.
>How-To-Repeat:
Install -current /etc/aliases and /etc/security and read root's
mailbox the following day.
>Fix:
Either remove "decode" from aliases again or teach the security
script that (some versions of) decode is acceptable.
regards
Erik Bertelsen
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: pk
State-Changed-When: Tue Sep 8 13:18:10 PDT 1998
State-Changed-Why:
time-warped clone of 3331
From: Erik Bertelsen <erik@mediator.uni-c.dk>
To: gnats-bugs@gnats.netbsd.org
Cc:
Subject: Re: security/6126: Recent /usr/src/etc/aliases conflict w/ /etc/security
Date: Tue, 8 Sep 1998 22:46:18 +0200
On Sun, Mar 09, 1997 at 03:17:10PM +0100, Erik Bertelsen wrote:
>
> >Number: 6126
> >Category: security
> >Synopsis: Recent /usr/src/etc/aliases conflict w/ /etc/security
Why did that PR pop up now? -- the problem was fixed in April.
Looking at the mail headers of the PR just mailed out, it seems that
it was received by homeworld.cygnus in March when the PR was originally sent.
Anyway, it is a duplicate of security/3331, and 6126 may consequently be
closed.
- Erik
From: "Eric S. Hvozda" <hvozda@ack.org>
To: erik@sockdev.uni-c.dk
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: security/6126: Recent /usr/src/etc/aliases conflict w/ /etc/security
Date: Wed, 09 Sep 1998 15:03:05 -0400
On Sun, 9 Mar 1997 15:17:10 +0100 (MET) Erik Bertelsen wrote:
>
> >Description:
> /etc/security will diagnose the presence of a decode alias, but
> a few days ago, the distributed /etc/aliases had this alias
> added, probably to be able to detect and trap attacks trying
> to abuse this alias.
!?
In both -current and 1.3.2 the decode alias is mapped to user
nobody and commented out. Further it has a comment that
says "don't enable this".
Are you saying it's no longer a comment?
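
The distinction this thread turns on, a commented-out decode entry versus an active one, shown as an added example that is not part of the PR and is not the NetBSD /etc/security script. The function name `active_decode_aliases` is hypothetical and the sample aliases file is constructed.

```shell
#!/bin/sh
# Added example, not NetBSD code. Reports only ACTIVE "decode" aliases.
# Prints "decode: <target>" for each one; returns 0 if any exist, 1 if none.
active_decode_aliases() {
    awk '
        /^[ \t]*#/          { next }   # comment line: the alias is disabled
        /^[ \t]*$/          { next }   # blank line
        /^[ \t]/            { next }   # continuation of the previous target list
        index($0, ":") == 0 { next }   # not an alias definition
        {
            split($0, parts, ":")
            name = tolower(parts[1])   # compare the alias name case-insensitively
            gsub(/[ \t]/, "", name)
            if (name == "decode") {
                target = substr($0, index($0, ":") + 1)
                sub(/^[ \t]+/, "", target)
                print name ": " target
                found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the entry is present but commented out, which is the
# state described in the last message of the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not the distributed NetBSD aliases file
postmaster: root
# decode: nobody
EOF

if active_decode_aliases "$sample"; then
    echo "WARNING: active decode alias found"
else
    echo "no active decode alias"
fi
rm -f "$sample"
```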
>Unformatted:
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.