[2951] in bugtraq
Re: [linux-security] sliplogin (fwd)
daemon@ATHENA.MIT.EDU (Nate Williams)
Tue Jul 16 20:53:18 1996
Date: Tue, 16 Jul 1996 19:27:12 -0500
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Nate Williams <nate@mt.sri.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.SGI.3.91.960716185055.7842B-100000@umbc7.umbc.edu>
[ Linux sliplogin bug ]
> Interesting. The code is the same on FreeBSD, it looks like. However, on
> the default distributed system, there isn't a /etc/sliphome directory,
> which is necessary for sliplogin to startup correctly. Therefore the
> standard FreeBSD distribution dies out before it gets anywhere near the
> system command. If you do run slip off of your system however, its much
> more possible that bad things can happen..
Also, note the following:
revision 1.6
date: 1996/04/24 20:18:25; author: pst; state: Exp; lines: +9 -0
Close a security hole in sliplogin.
If you use sliplogin as a user shell (in /etc/passwd) upgrade to this version.
Reviewed by: bde, peter
Submitted by: AUS CERT
Obtained from: Linux sliplogin-2.02
So, even if you setup /etc/sliphome, your system won't be vulnerable.
Nate
