List: bugtraq
Subject: Re: Vulnerability in HP sysdiag??? and securetty - clarification
From: "Nicolas J. Hammond" <njhm () ns ! njh ! com>
Date: 1996-09-26 6:09:26
Beebe, Todd wrote ...
> Funny thing..
>
> [...]
> annoying password.
>
> On a side note, if there are any SysAdmins out there using the
> /etc/securetty file as a means to disallow direct root login, don't. It also
> has a "bug" that HP support never gave me an answer for. If you
> use xterm to login to your server it doesn't use the /etc/securetty file
> so the tty is not secure, you can get a direct login as root without
> any changes to the system. I thought somewhere within C2 specifications
> it talked about disallowing direct root login....
This is not in the C2 requirements of the "Orange Book"
(the book that defines security class requirements).
--
Nicolas Hammond NJH Security Consulting, Inc.
njhm@njh.com 211 East Wesley Road
404 262 1633 Atlanta
404 812 1984 (Fax) GA 30305-3774