system administration account <sysadmin_at_astro.su.se> wrote:
> Someone claiming to be "Paul Szabo" has been recommending that we disable
> /sbin/it and /sbin/init.d/rmtmpfiles on our Tru64 systems. Apparently that
> person expects us to do it on faith.
No: I expected system managers to scrutinize /sbin/it and rmtmpfiles, and
disable or patch them if they are deemed a security vulnerability for their
systems.
> The words "social engineering" come to mind.
Why the bitterness? Could not you "break root"?
> ... let me suggest an alternative workaround ...
The idea of /root-tmp is not new; it is not necessary in this case, /etc
will do nicely.
By publishing your 'workaround' you gave out info which may assist an
attacker: rmtmpfiles is not normally world readable.
Your 'find /dev ...' suggestion will not work on V5 systems where /dev is a
symlink: you need to use 'find /dev/ ...' there.
Paul Szabo - psz_at_maths.usyd.edu.au
http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
Received on Sun Dec 17 2000 - 20:34:30 NZDT