Re: ~/.login_conf disabling exact reasons wanted

From: Andrey A. Chernov (ache@nagual.pp.ru)
Date: 09/22/01

• Next message: Alexander Langer: "Re: ~/.login_conf disabling exact reasons wanted"
• Previous message: Andrey A. Chernov: "Re: ~/.login_conf disabling exact reasons wanted"
• In reply to: Andrey A. Chernov: "Re: ~/.login_conf disabling exact reasons wanted"
• Next in thread: Alexander Langer: "Re: ~/.login_conf disabling exact reasons wanted"
• Reply: Alexander Langer: "Re: ~/.login_conf disabling exact reasons wanted"
• Reply: Joseph Mallett: "Re: ~/.login_conf disabling exact reasons wanted"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 22 Sep 2001 15:17:52 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: security@FreeBSD.ORG, rwatson@FreeBSD.ORG

On Sat, Sep 22, 2001 at 15:11:17 +0400, Andrey A. Chernov wrote:
> If you mean his report in BUGTRAQ
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=215381&start=2001-09-19&end=2001-09-25
>
> it is hoax, we don't have such vulnerability in -current as I test.
> Please TEST things before commiting, especially to all branches.
> Please back it out.

Why it is hoax? One reason is simple, look at his examples:

----------------------------------------------------
default: :copyright=/etc/master.passwd:

or

 :welcome=/etc/master.passwd:

in user's ~/.login_conf.
---------------------------------------------------

Only "me" class can be defined in ~/.login_conf, anything else ignored
there. And "me" class picked up only when permissions are set to user
mode, at the end of setusercontext(). And "copyright" and "welcome" are
not overwriteable from "me" class in any case.

-- 
Andrey A. Chernov
http://ache.pp.ru/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Alexander Langer: "Re: ~/.login_conf disabling exact reasons wanted"
• Previous message: Andrey A. Chernov: "Re: ~/.login_conf disabling exact reasons wanted"
• In reply to: Andrey A. Chernov: "Re: ~/.login_conf disabling exact reasons wanted"
• Next in thread: Alexander Langer: "Re: ~/.login_conf disabling exact reasons wanted"
• Reply: Alexander Langer: "Re: ~/.login_conf disabling exact reasons wanted"
• Reply: Joseph Mallett: "Re: ~/.login_conf disabling exact reasons wanted"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Dear Bridge Player: Beware Sam Sloan ... One day he reported that Peter Leko, ... It was first reported on ICC that Peter Leko was dead by a hoaxer who ... I reported that it had been a hoax. ... also I was among the first to report that it had been a hoax. ... (rec.games.bridge) Re: Dear Bridge Player: Beware Sam Sloan ... One day he reported that Peter Leko, ... It was first reported on ICC that Peter Leko was dead by a hoaxer who ... I reported that it had been a hoax. ... also I was among the first to report that it had been a hoax. ... (rec.games.bridge) Re: What I hate..A rant! ... your state is broke from people like her. ... Some really smart guysput out a report that the ... Oh and by the way, global warming is now officially a hoax, according to the ... From the winger press & media. ... (alt.machines.cnc) Re: What I hate..A rant! ... Look calif guys, your state is broke from people like her. ... Some really smart guysput out a report that the ... Oh and by the way, global warming is now officially a hoax, according to ... (alt.machines.cnc) Re: Yeti prints found near Everest ... No mention of a beeping sound though, could be a hoax. ... If DWO comes out with a story that three prints of The Abominable Snowmen ... will be no truth to any rumor or hoax they report on this time... ... Merry CHRISTmas 2007 and Happy New Year 2008! ... (rec.arts.drwho)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-09