[17875] in Athena Bugs
Re: security hole?
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Tue May 30 20:18:39 2000
Date: Tue, 30 May 2000 20:18:35 -0400 (EDT)
Message-Id: <200005310018.UAA20849@speaker-for-the-dead.mit.edu>
To: Ron Hoffmann <hoffmann@mit.edu>
CC: bugs@mit.edu, hoffmann@mit.edu
In-reply-to: "[17800] in Athena Bugs"
From: Jonathon Weiss <jweiss@MIT.EDU>
> Take an ultra* with the current field release,
> detach it's packs and attach decstation packs.
>
> Now log off.
>
> Before it reactivates and gets useful packs,
> try and log in as root. You will find that
> after providing the username and <cr> you'll
> get a bunch of errors, and then a shell prompt.
> This without ever having provided a password.
Since Greg was unable to reproduce this, and since you need to be a
privledged user to attach things on /srvd, I'm going to close this
report. If you can reproduce it, feel free to drop us another note.
--
Jonathon
