*BSD News Article 18195



Newsgroups: comp.os.386bsd.questions
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!usenet.ins.cwru.edu!magnus.acs.ohio-state.edu!csn!csn!arrayb!cwolff
From: cwolff@intellistor.com (Clint Wolff)
Subject: Re: Challenge
Message-ID: <1993Jul9.204659.1642@intellistor.com>
Keywords: cron
Organization: Intellistor, Longmont, CO
References: <21hqc6$l1@Germany.EU.net> <21hurt$5ko@terminator.rs.itd.umich.edu> <21i0bh$nn@Germany.EU.net>
Date: Fri, 9 Jul 93 20:46:59 GMT
Lines: 25

In article <21i0bh$nn@Germany.EU.net> bs@Germany.EU.net (Bernard Steiner) writes:
>
>In article <21hurt$5ko@terminator.rs.itd.umich.edu>, pauls@terminator.rs.itd.umich.edu (Paul Southworth) writes:
>|> Recommend you turn off tftp if you haven't already, unless you're booting
>|> xterms.
>
>Why ? tftpd is supposed to run uid nobody chroot() to the tftpdirectory.
>
>Can't see how any harm can be done.
>

Take a quick look at your system, and see how many of your company proprietary
files are in directories that are world read/execute... ALL of these files 
are accessible to tftp... This is bad...

clint
-- 
+-----------------------------------------------------------------------------+
| Clint Wolff                                          Blonde and proud of it |
| Fujitsu Computer Products of America - Intellistor Research and Development |
| cwolff@slowboy.intellistor.com        Ex-hacker... Now System Administrator |
+-----------------------------------------------------------------------------+
|       SAVE BANDWIDTH... EMAIL YOUR RESPONSES TO THE PERSON WHO ASKED...     |
|     DON'T POST ME-TOO MESSAGES... EMAIL THE ORIGINAL POSTER FOR A SUMMARY   |
+-----------------------------------------------------------------------------+
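The check suggested in the reply above ("take a quick look at your system"), written out as an added example; it is not part of the original post. The function name `world_reachable_files` is hypothetical, and the code assumes the reading process (for instance a daemon running as `nobody`) is neither owner nor group member of anything, so only the "other" mode bits count. It does not model any chroot or path restriction the daemon itself applies.

```python
import os
import stat
import sys


def world_reachable_files(root):
    """Return regular files under root that an unrelated uid can open by path.

    Assumption: only the 'other' permission bits apply to the reader.
    Symlinks are not followed and are not reported.
    """
    hits = []
    if not os.stat(root).st_mode & stat.S_IXOTH:
        return hits  # 'other' cannot even enter the starting directory
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Opening a file by name needs search (x) on every parent directory.
        # Read (r) on a directory is only needed to list it, so o+x alone is
        # enough for a client that already knows or guesses the file name.
        keep = []
        for d in dirnames:
            st = os.lstat(os.path.join(dirpath, d))
            if stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_IXOTH:
                keep.append(d)
        dirnames[:] = keep  # prune subtrees 'other' cannot traverse
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IROTH:
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python audit.py /some/directory
    for p in world_reachable_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(p)
```

Tightening a single parent directory (removing its o+x bit) drops everything beneath it from the report, which is usually a quicker fix than changing each file.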