Date: Wed, 10 Oct 2001 13:20:04 -0700 (PDT) From: David Malone <dwmalone@maths.tcd.ie> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/31204: FreeBSD login will display secure log notices before password is given Message-ID: <200110102020.f9AKK4s45230@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/31204; it has been noted by GNATS. From: David Malone <dwmalone@maths.tcd.ie> To: David Ljung Madison <freebsd.org@daveola.com> Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: misc/31204: FreeBSD login will display secure log notices before password is given Date: Wed, 10 Oct 2001 21:10:40 +0100 On Wed, Oct 10, 2001 at 12:05:36PM -0700, David Ljung Madison wrote: > I was working on a friend's machine. If you try to login as root, you can see security warnings that only > root should see before you ever enter your password. An obvious exploit would be to login to the machine, enter "root" at > the login prompt, then sit back and watch security messages, which could > be very useful to an attacker to learn about what kind of security the > system has implemented Are you sure you weren't seeing these messages because you were logging on to the system console? The default syslog.conf logs a selection of messages to the console, including the one for attempted root logins. Some of the more sensitive messages shouldn't logged to the console. If you weren't logging in at the console, were you using telnet, ssh or another method to log in? David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200110102020.f9AKK4s45230>