[5631] in bugtraq
Re: digital unix 4.0 hole
daemon@ATHENA.MIT.EDU (John McDonald)
Sun Nov 16 15:18:46 1997
Date: Sun, 16 Nov 1997 02:36:58 -0500
Reply-To: John McDonald <jmcdonal@OSPREY.UNF.EDU>
From: John McDonald <jmcdonal@OSPREY.UNF.EDU>
X-To: Emmanuel Gadaix <emmanuel@SIAMRELAY.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3.0.2.32.19971115125920.0070a6a0@production>
On Sat, 15 Nov 1997, Emmanuel Gadaix wrote:
> Verified on 3.2 with dbx 3.11.8 but it dumps core as user, not as root.
> Won't overwrite files and won't write in a directory where user doesn't
> have permissions.
Ok.. I've had 6 people email and confirm that it does work for Digital
Unix 4.0, and 4.0B.
> PS
> As Tom Leffingwell <tom@SBA.MIAMI.EDU> said yesterday :
> : DU doesn't allow +'s in /.rhosts, at least under C2, and I think so in
> : general. It doesn't seem to work even if you specify a user, either.
We have the C2 security package installed under 4.0, and + + appears to
work fine. There is an option called NO_PLUS I think that can be set in
/etc/hosts.equiv that will globally prevent the + wildcard.
humble - jmcdonal@unf.edu
