Bugtraq mailing list archives

Re: Vulnerability in HP sysdiag??? and securetty - clarification
From: njhm () ns njh com (Nicolas J. Hammond)
Date: Thu, 26 Sep 1996 06:09:26 -0400

Beebe, Todd wrote ...
Funny thing..

annoying password.

On a side note, if there are any SysAdmins out there using the
/etc/securetty file as a means to disallow direct root login, don't. It
has a "bug" that HP support never gave me an answer for.  If you
use xterm to login to your server it doesn't use the /etc/securetty file
so the tty is not secure, you can get a direct login as root without
any changes to the system.  I thought somewhere within C2 specifications
it talked about disallowing direct root login....

This is not in the C2 requirements of the "Orange Book"
(the book that defines security class requirements)

Nicolas Hammond                                 NJH Security Consulting, Inc.
njhm () njh com                                    211 East Wesley Road
404 262 1633                                    Atlanta
404 812 1984 (Fax)                              GA 30305-3774
