NetBSD Problem Report #6126

Received: (qmail-queue invoked from smtpd); 9 Mar 1997 13:20:07 -0000
Message-Id: <199703091417.PAA14553@erik-be.uni-c.dk>
Date: Sun, 9 Mar 1997 15:17:10 +0100 (MET)
From: Erik Bertelsen <erik@erik-be.uni-c.dk>
Reply-To: erik@sockdev.uni-c.dk
To: gnats-bugs@gnats.netbsd.org
Subject: Recent /usr/src/etc/aliases conflict w/ /etc/security
X-Send-Pr-Version: 3.95

>Number:         6126
>Category:       security
>Synopsis:       Recent /usr/src/etc/aliases conflict w/ /etc/security
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gnats-admin
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 08 13:05:00 +0000 1998
>Closed-Date:    Tue Sep 08 20:18:10 +0000 1998
>Last-Modified:  Tue Sep 08 20:18:50 +0000 1998
>Originator:     Erik Bertelsen
>Release:        NetBSD-current , 8 March 1997
>Organization:
	UNI-C
>Environment:

System: NetBSD erik-be.uni-c.dk 1.2C NetBSD 1.2C (ERIKBE) #16: Mon Mar 3 09:30:20 MET 1997 erik@erik-be.uni-c.dk:/sw/NetBSD/src/sys/arch/i386/compile/ERIKBE i386


>Description:
	/etc/security will diagnose the presence of a decode alias, but
	a few days ago, the distributed /etc/aliases had this alias
	added, probably to be able to detect and trap attacks trying
	to abuse this alias.
>How-To-Repeat:
	Install -current /etc/aliases and /etc/security and read root's
	mailbox the following day.
>Fix:
	Either remove "decode" from aliases again or learn the security
	script that (some versions of) decode is acceptable.


	regards
	Erik Bertelsen
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: pk 
State-Changed-When: Tue Sep 8 13:18:10 PDT 1998 
State-Changed-Why:  
time-warped clone of 3331 

From: Erik Bertelsen <erik@mediator.uni-c.dk>
To: gnats-bugs@gnats.netbsd.org
Cc:  Subject: Re: security/6126: Recent /usr/src/etc/aliases conflict w/ /etc/security
Date: Tue, 8 Sep 1998 22:46:18 +0200

 On Sun, Mar 09, 1997 at 03:17:10PM +0100, Erik Bertelsen wrote:
 > 
 > >Number:         6126
 > >Category:       security
 > >Synopsis:       Recent /usr/src/etc/aliases conflict w/ /etc/security

 Why did that PR pop up now? -- the problem was fixed in april.

 Looking at the mail headers of the PR just mailed out, it seems that
 it was received by homeworld.cygnus in March when the PR was originally sent.

 Anyway, it is a duplicate of security/3331, and 6126 may consequently be
 closed.

 - Erik

From: "Eric S. Hvozda" <hvozda@ack.org>
To: erik@sockdev.uni-c.dk
Cc: gnats-bugs@gnats.netbsd.org
Subject: Re: security/6126: Recent /usr/src/etc/aliases conflict w/ /etc/security 
Date: Wed, 09 Sep 1998 15:03:05 -0400

 On Sun, 9 Mar 1997 15:17:10 +0100 (MET)  Erik Bertelsen wrote:
 > 
 > >Description:
 > 	/etc/security will diagnose the presence of a decode alias, but
 > 	a few days ago, the distributed /etc/aliases had this alias
 > 	added, probably to be able to detect and trap attacks trying
 > 	to abuse this alias.

 !?

 In both -current and 1.3.2 the decode alias is mapped to user
 nobody and commented out.  Further it has a comment that
 says "don't enable this".

 Are you saying it's no longer a comment?
>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.