[FUGSPBR] login_conf["Exploitado"]...:)
Marcos Tischer Vallim
nightzone em gullo.com.br
Sex Set 21 08:53:29 BRT 2001
afternoon all,
For those of you who havent gotten around to patching login_cap.c
to fix the openssh login class exploit recently released, I have a quick
fix that should be good enough to stop pests reading files on your system,
such as master.passwd.
using vipw, add all users to a login class that has been defined in
/etc/login.conf
for most people simply adding the user to standard will suffice:
bob:xxxxxxxxxxxxx:1062:1062::0:0:bob t builder:/home/bob:/usr/local/bin/bash
should be changed to
bob:xxxxxxxxxxxxx:1062:1062:standard:0:0:bob t
builder:/home/bob:/usr/local/bin/bash
which corresponds to:
standard:\
:tc=default:
in /etc/login.conf
This has been tested and found to prevent the exploit in 4.0, 4.1, 4.3
and 4.4-RC
Yours,
Marc Rogers
Technical Director
European Data Corporation
----
Para sair da lista envie um e-mail para majordomo em fugspbr.org
com as palavras "unsubscribe fugspbr" no corpo da mensagem.
Mais detalhes sobre a lista de discussão freebsd