| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
From: David Holland <dholland@eecs.harvard.edu>
To: bboett@erm1.u-strasbg.fr
Date: Sat, 19 Oct 1996 02:22:51 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.95.961017093629.159D-100000@yoda.u-strasbg.fr> from "Bruno Boettcher" at Oct 17, 96 09:39:44 am
> last days i had lots of reports about in.comsat calls from other hosts in
> my domain....
> Are there only goofy users or is there any exploit on this?
I don't know of any issues in in.comsatd, but if you find any, let me
know.
Is there any reason comsatd should ever accept packets from anyplace
other than localhost?
In any event unless you actually need comsatd I'd recommend shutting
it off. It's not a terribly great idea in a number of ways.
> [REW: There certainly are holes in comsat when your utmp file is
> world writable, (which some people do to be able to strip the suid bit
> off xterm and friends.)]
I believe the current comsatd source is reasonably resistant to these
problems, due to some Sun exploits that were floating around a few
years ago. There are certainly easier ways to attack via a writeable
utmp than comsatd.
--
- David A. Holland | VINO project home page:
dholland@eecs.harvard.edu | http://www.eecs.harvard.edu/vino
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |