Bugtraq mailing list archives
Re: HP Security vulnerability in the man command
From: vtmue () UNI-FREIBURG DE (V. T. Mueller)
Date: Wed, 7 Jun 2000 18:39:46 +0200
On Tue, 6 Jun 2000, Philipp Buehler wrote:
Theo de Raadt wrote To BUGTRAQ () SECURITYFOCUS COM:0) HP *still* insists on NOT setting the sticky bit on world-writeable temporary directories (/tmp and /var/tmp) on default installs of HPUX.If this is the case, then any temporary file which gets reopened is not safe. A *lot* of software does reopening by name.Handling temporary files is broken in so many scripts .. e.g. I just *wait* for the next broken Oracle installer for such a hole. Other point. I have 2 "default" installed HP-UX 10.20 boxes and I *have* the sticky bit set on /tmp which cures the problem by itself. Well, the behaviour of `man' is not nice anyway. Could the original poster elaborate on his "default" installation? I could only think of installations which are no TCB HP-UX. I will check the change logs, but I don't think the +t depends on that. You *should* use TCB anyway on HP-UX, or how do you want to manage "shadowed" passwords there properly? Or do you really want to live with word readable hashed passwords?
Hi Fips, Either s/o changed this or you ordered those systems with instant ignition (OS pre-installed), and s/o at HP did it. It is a *fact* that until now (11.0/11.1 for V class systems) HP-UX default installations have /tmp as well as /var/tmp both set to 0777. A good point to start for practical help on how to secure a HP-UX system is http://people.hp.se/stevesk/index.html . Changing the system state to a trusted system only does not really improve system security in a significant way. Best regards, Volker -- V. T. Mueller UCC Freiburg, Germany vtmue (at) uni-freiburg.de "Never send a human to do a machine's job" Agent Smith, The Matrix
Current thread:
- Re: An Analysis of the TACACS+ Protocol and its Implementations Juan M. Courcoul (Jun 01)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Eccentric (Jun 01)
- HP Security vulnerability in the man command Jason Axley (Jun 02)
- MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver Drew (Jun 05)
- Re: HP Security vulnerability in the man command Theo de Raadt (Jun 05)
- Re: HP Security vulnerability in the man command Philipp Buehler (Jun 06)
- Password Generation during RH Linux 6.x Installation William R. Lorenz (Jun 07)
- Re: Password Generation during RH Linux 6.x Installation Fabian Kroenner (Jun 08)
- Re: HP Security vulnerability in the man command V. T. Mueller (Jun 07)
- HP Security vulnerability in the man command Jason Axley (Jun 02)
- Re: An Analysis of the TACACS+ Protocol and its Implementations Eccentric (Jun 01)