|
|
ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V2 #4 1990-01-25 (1 file, 742 bytes)
SOURCE: http://securitydigest.org/exec/display?f=zardoz/archive/204.txt&t=text/plain
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
Date: Thu, 25 Jan 90 12:55:41 PST
Subject: Security Digest V2 #4
Security Digest Volume 2 Issue 4
subject(s):
Glitch in SunOS distribution passwd files
------------------------------------------------------------------------
Date: Thu, 25 Jan 90 10:43:00 EST
From: uunet!umiacs.UMD.EDU!steve
Subject: Glitch in SunOS distribution passwd files
I thought I'd pass this along just in case no one else has.
--from-- bob@kahala.soest.hawaii.edu (Bob Cunningham)
--subject-- check "atn" and "sundiag" passwd entries in new 4/60s
At least some SPARCstation1s (4/60s) shipped over the last 4-6 weeks with
SunOS4.0.3c pre-installed have one or both of the following entries in
/etc/passwd:
atn::8000:40:Operations-ATN:/usr/atn:/bin/csh
sundiag::0:1:System Diagnostic:/sundiagstart:/bin/csh
Needless to say, both represent security loopholes.
The entries are artifacts of the Automated Test Network used in
manufacturing, and were a temporary glitch in the manufacturing
process that has since been corrected. Neither should appear as shown
above, only the sundiag entry should appear, and it should have a
disabled password and different directory like this:
sundiag:*:0:1:System Diagnostic:/usr/diag/sundiag:/usr/diag/sundiag/sundiag
The "atn" userid is Sun internal uid that customers should never see.
------------------------------------------------------------------------
End of Security Digest Volume 2 Issue 4
**********************
END OF DOCUMENT
| ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved. |