[267] in bugtraq


Re: full disclosure

daemon@ATHENA.MIT.EDU (nms@hacksaw.rutgers.edu)
Wed Nov 30 15:38:51 1994

Date: Wed, 30 Nov 1994 03:33:19 -0500
From: "" <nms@hacksaw.rutgers.edu>
To: morgan@engr.uky.edu
Cc: bugtraq@fc.net
In-Reply-To: <9411291250.AA27261@s.ecc.engr.uky.edu> (morgan@engr.uky.edu)


>From: morgan@engr.uky.edu (Wes Morgan)
>
...text removed...
>
>ObBug: As shipped, AT&T SVR4 3.1 for the StarServer E creates logfiles
>	  /tmp/rlogind and /tmp/ftpd.  The rlogind logfile is harmless
>	  enough, but the ftpd logfile includes userids and passwords. By
>	  default, the files are world readable.
>
>Workaround: I could never find a patch from NCR/ATT.  I created an
>	       empty /tmp/ftpd during boot, protecting it at 600.  This
>	       does not prevent entries from being made, but it does keep
>	       the information (relatively) private.
>
>--Wes
>

   Your solution uses the fact that an existing /tmp/ftpd file is appended
to if it already exists.  Using this info, a better way would be to edit
the binary and replace the /tmp/ftpd string with /dev/null.  After editing,
don't forget to update your cryptographic checksum database.

-nms
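Added example, not from either poster in this thread: a small Python script that performs the in-place string patch nms suggests and returns the before/after SHA-256 sums for the checksum database. It works because "/tmp/ftpd" and "/dev/null" are both nine bytes, so the replacement shifts nothing else in the binary; the binary below is a constructed stand-in, not the real SVR4 ftpd, and SHA-256 as the checksum format is an assumption.

```python
import hashlib
import tempfile
from pathlib import Path

OLD_PATH = b"/tmp/ftpd"   # log path baked into the shipped binary
NEW_PATH = b"/dev/null"   # same length (9 bytes), so no offsets in the binary move


def patch_path(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace one NUL-terminated C string in a binary image with an equal-length one."""
    if len(old) != len(new):
        raise ValueError("replacement must be exactly as long as the original string")
    # Match the terminator too, so "/tmp/ftpd" does not also hit e.g. "/tmp/ftpd.old".
    needle, repl = old + b"\0", new + b"\0"
    hits = data.count(needle)
    if hits != 1:
        raise ValueError(f"expected exactly one occurrence of {old!r}, found {hits}")
    return data.replace(needle, repl)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def patch_binary(path: Path, old: bytes = OLD_PATH, new: bytes = NEW_PATH) -> tuple:
    """Patch the file in place; return (old_sha256, new_sha256) for the checksum database."""
    before = path.read_bytes()
    after = patch_path(before, old, new)
    path.write_bytes(after)   # in-place rewrite, same size as before
    return sha256_hex(before), sha256_hex(after)


# Constructed stand-in for the ftpd binary: opaque bytes around two embedded path
# strings. Only the exact "/tmp/ftpd\0" string must be rewritten.
FAKE_FTPD = b"\x7fELF\x01\x02\x03\0/tmp/ftpd\0\x90\x90\0/tmp/ftpd.old\0\xc3"


def demo() -> tuple:
    """Write the stand-in to a temp file, patch it, and return both checksums."""
    with tempfile.TemporaryDirectory() as tmp:
        target = Path(tmp) / "in.ftpd"
        target.write_bytes(FAKE_FTPD)
        return patch_binary(target)


if __name__ == "__main__":
    old_sum, new_sum = demo()
    print("update checksum database:", old_sum, "->", new_sum)
```

On a real system, patch a copy, diff it against the original to confirm only those nine bytes changed, then install the copy and record its new checksum.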
