Bugtraq mailing list archives
Re: Vulnerability in HP sysdiag??? and securetty - clarification
From: njhm () ns njh com (Nicolas J. Hammond)
Date: Thu, 26 Sep 1996 06:09:26 -0400
Beebe, Todd wrote ...
Funny thing.. [...] annoying password. On a side note, if there are any SysAdmins out there using the /etc/securetty file as a means to disallow direct root login, don't. It also has a "bug" that HP support never gave me a answer for. If you use xterm to login to your server it doesn't use the /etc/securetty file so the tty is not secure, you can get a direct login as root without any changes to the system. I thought somewhere within C2 specifications it talked about disallowing direct root login....
This is not in the C2 requirements of the "Orange Book" (the book that defines security class requirements) -- Nicolas Hammond NJH Security Consulting, Inc. njhm () njh com 211 East Wesley Road 404 262 1633 Atlanta 404 812 1984 (Fax) GA 30305-3774
Current thread:
- Re: Vulnerability in HP sysdiag??? and securetty Beebe, Todd (Sep 25)
- Re: Vulnerability in HP sysdiag??? and securetty - clarification Nicolas J. Hammond (Sep 26)