Bugtraq mailing list archives
Re: digital unix 4.0 hole
From: jmcdonal () OSPREY UNF EDU (John McDonald)
Date: Sun, 16 Nov 1997 02:36:58 -0500
On Sat, 15 Nov 1997, Emmanuel Gadaix wrote:
Verified on 3.2 with dbx 3.11.8 but it dumps core as user, not as root. Won't overwrite files and won't write in a directory where user doesn't have permissions.
Ok.. I've had 6 people email and confirm that it does work for Digital Unix 4.0, and 4.0B.
PS As Tom Leffingwell <tom () SBA MIAMI EDU> said yesterday : : DU doesn't allow +'s in /.rhosts, at least under C2, and I think so in : general. It doesn't seem to work even if you specify a user, either.
We have the C2 security package installed under 4.0, and + + appears to work fine. There is an option called NO_PLUS I think that can be set in /etc/hosts.equiv that will globally prevent the + wildcard. humble - jmcdonal () unf edu
Current thread:
- Re: digital unix 4.0 hole Johan Danielsson (Nov 14)
- <Possible follow-ups>
- Re: digital unix 4.0 hole Emmanuel Gadaix (Nov 14)
- Re: digital unix 4.0 hole John McDonald (Nov 15)
- Re: digital unix 4.0 hole Paul Szabo (Nov 20)