Subject: security/3331: Recent /etc/src/aliases conflict with /etc/security
To: None <>
From: Erik Bertelsen <>
List: netbsd-bugs
Date: 03/14/1997 12:23:18
>Number:         3331
>Category:       security
>Synopsis:       Recent /etc/src/aliases conflict with /etc/security
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 14 02:35:01 1997
>Originator:     Erik Bertelsen
>Release:        NetBSD-current 11 March 1997
System: NetBSD 1.2C NetBSD 1.2C (ERIKBE) #16: Mon Mar 3 09:30:20 MET 1997 i386

	After /etc/src/aliases was updated to contain an alias for "decode",
	/etc/security will complain each day:

	Subject: daily insecurity output

	# trap decode to catch security attacks
	decode:         root

	There is an entry for uudecode in the /etc/aliases file.

	Install current /etc/aliases and /etc/security and watch the
	daily mails to root.
	Inferior fix: back out the addition of "decode" from aliases.
	Better fix: teach /etc/security to only complain about the
	traditional decode alias involving uudecode.

	Erik Bertelsen
	(sending 3rd time, hoping that security PR's now get accepted)
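
One way to write the narrower check the report asks for, as an added example that is not part of the original report and not NetBSD's own /etc/security code. The function name `check_decode_alias`, the `/usr/bin/uudecode` path and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# check_decode_alias FILE  (hypothetical helper, not from /etc/security)
# Prints every decode/uudecode alias whose right-hand side pipes mail into a
# uudecode program. Returns 1 if any such alias exists, 0 otherwise, so a
# trap alias such as "decode: root" no longer triggers a daily warning.
check_decode_alias() {
    awk '
    function check_entry() {
        if (entry == "") return
        i = index(entry, ":")              # split "name: targets" at first colon
        if (i > 0) {
            name = tolower(substr(entry, 1, i - 1))
            rhs = substr(entry, i + 1)
            gsub(/[ \t]/, "", name)
            # Only a pipe target that runs uudecode is the risky form.
            if ((name == "decode" || name == "uudecode") &&
                rhs ~ /[|][^,]*uudecode/) {
                print entry
                bad = 1
            }
        }
        entry = ""
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    /^[ \t]/ {                             # continuation of previous alias
        sub(/^[ \t]+/, " ")
        entry = entry $0
        next
    }
    { check_entry(); entry = $0 }
    END { check_entry(); exit bad + 0 }
    ' "$1"
}

# Constructed sample inputs: the trap alias quoted in the report, and the
# traditional pipe-to-uudecode alias (path assumed).
tmp=$(mktemp -d)
printf '# trap decode to catch security attacks\ndecode:         root\n' > "$tmp/trap"
printf 'decode: "|/usr/bin/uudecode"\n' > "$tmp/pipe"
check_decode_alias "$tmp/trap" && echo "trap alias: not reported"
check_decode_alias "$tmp/pipe" || echo "pipe alias: reported"
rm -rf "$tmp"
```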