[17049] in bugtraq
User operator under Red Hat 6.2
daemon@ATHENA.MIT.EDU (DIEGO GARCIA _ DIRECCION DE SISTEM)
Wed Oct 4 16:06:57 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Message-Id: <39DB438A.75213303@javercol.javeriana.edu.co>
Date: Wed, 4 Oct 2000 09:49:46 -0500
Reply-To: "DIEGO GARCIA _ DIRECCION DE SISTEMAS-." <drgarcia@JAVERIANA.EDU.CO>
From: "DIEGO GARCIA _ DIRECCION DE SISTEMAS-." <drgarcia@JAVERIANA.EDU.CO>
To: BUGTRAQ@SECURITYFOCUS.COM
Good day,
It's not necessesary a bug but is abig problem when you install Red Hat 6.2 and one
user different to root has guid root, even worse if you don't know it.
User: operator
Home : /root (oops! same home than root, same bash history!)
Main group: root
(May be you find usefully operator user but may be you must change its home,
also you must think about that in a dictionary attack there are two roots to find)
If you find some PAM message with a remote change password to operator
becarefull, may you must look for in root history not-normal activity
Have a nice IT day
Diego Garcma
System administrator
Pontificia Universidad Javeriana
t. (571) 3208320 ext. 2362
