On Thu, Sep 20, 2001 at 09:48:34PM +0200, Przemyslaw Frasunek wrote: > [snip] > in session.c, which allows to read ANY file in system with superuser > privileges, by defining: > > default:\ > :copyright=/etc/master.passwd: > or > :welcome=/etc/master.passwd: > in user's ~/.login_conf. > > [snip telnetd/login] > default:\ > :nologin=/etc/master.passwd: > > [blah blah FreeBSD core] > > Official advisory is pending. It's possible, that other *BSD systems, > supporting login capability database are also vulnerable. I can't duplicate either of these with OpenBSD 2.9. -- David Terrell | "My question is, if a mime types, isn't dbt@meat.net | that kinda cheating?" http://wwn.nebcorp.com/ | - Jason Zych
