Home page logo

bugtraq logo Bugtraq mailing list archives

Beer & talk at Usenix Security Symposium
From: watson () edfub8 (Paul)
Date: Thu, 1 Jun 95 12:36:59 AKD

To all interested parties:
   Anyone interested in getting together for some beer and
security type chatting at the Symposium, please drop me
and email and we will try to set a time/place for us all to

(Although that was *somewhat* security related, I will try to make 
this a little more worth reading for those who will not be attending)

Obbug:  I have noticed this on SunOS 4.1.3 running X11R5 and
motif 1.2.3.   Anyone can get limited (possibly more) access to the
system if:
   -There is a ".xsession" file that is world readable in the root "/" 
     directory (i.e. 644 as usual)
   -Sync account is left with default passwd entry of
     "sync::5:1:/:/bin/csh"  (i.e. Which is the Sun install default)

A user can the login as "sync" on the workstation, and the 
.xsession file is executed prior to the users login shell of "/bin/sync"
Although the "login" will contain no shells, any other tools started
by .xsession, such as filemanagers, etc will still function allowing
anyone to browse the system, read files, etc...

     Suggested fix: Simply place an asterix in the passwd field of the sync
account which will prevent any "no passwd" logins.

    I have not explored this extensively, and the risk of this may be more
pronouced... I welcome any ideas or thoughs...

| Paul A. Watson                 | Current Assignment:         | 
| System Administrator           |   USAF 611 OSS/TBX          |
| Work : (907) 552-7974          |   6900 9th Street, Room 139 |
| Home : (907) 274-9026          |   Elmendorf AFB, AK  99506  |
| Fax  : (907) 552-1120          |   Anchorage, AK  99501      |
| Email: watson () ctis af mil      |                             |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]