Subject: security/6126: Recent /usr/src/etc/aliases conflict w/ /etc/security
To: None <gnats-bugs@gnats.netbsd.org>
From: Erik Bertelsen <erik@erik-be.uni-c.dk>
List: netbsd-bugs
Date: 09/08/1998 13:07:05
>Number:         6126
>Category:       security
>Synopsis:       Recent /usr/src/etc/aliases conflict w/ /etc/security
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep  8 13:05:00 1998
>Last-Modified:
>Originator:     Erik Bertelsen
>Organization:
	UNI-C
>Release:        NetBSD-current , 8 March 1997
>Environment:
	
System: NetBSD erik-be.uni-c.dk 1.2C NetBSD 1.2C (ERIKBE) #16: Mon Mar 3 09:30:20 MET 1997 erik@erik-be.uni-c.dk:/sw/NetBSD/src/sys/arch/i386/compile/ERIKBE i386


>Description:
	/etc/security will diagnose the presence of a decode alias, but
	a few days ago, the distributed /etc/aliases had this alias
	added, probably to be able to detect and trap attacks trying
	to abuse this alias.
>How-To-Repeat:
	Install -current /etc/aliases and /etc/security and read root's
	mailbox the following day.
>Fix:
	Either remove "decode" from aliases again or teach the security
	script that (some versions of) decode is acceptable.


	regards
	Erik Bertelsen
>Audit-Trail:
>Unformatted:
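
The second option in the Fix field, sketched as an added example (it is not part of the original report and not NetBSD's /etc/security code). It assumes that the acceptable form of the alias is one that forwards to a mailbox and the form worth reporting is one that delivers to a program; the function name `check_decode_alias` and the sample aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the project's script.
# Assumption: a decode/uudecode alias is reported only when one of its
# targets is a program ("|cmd"); a mailbox target such as root is accepted.

check_decode_alias() {
    # $1: aliases file ("-" reads stdin). Prints one line per risky target;
    # exit status is 1 if any was found, 0 otherwise.
    awk '
        function report(   n, i, t, parts) {
            if (name == "decode" || name == "uudecode") {
                n = split(rhs, parts, ",")
                for (i = 1; i <= n; i++) {
                    t = parts[i]
                    gsub(/^[ \t"]+|[ \t"]+$/, "", t)   # trim blanks and quotes
                    if (t ~ /^\|/) { print name " alias pipes to: " t; bad = 1 }
                }
            }
            name = ""; rhs = ""
        }
        { sub(/#.*/, "") }                                 # drop comments
        /^[ \t]/ && name != "" { rhs = rhs "," $0; next }  # continuation line
        { report() }                                       # previous alias ended
        /^[^ \t:]+[ \t]*:/ {
            name = tolower($0); sub(/[ \t]*:.*/, "", name)
            rhs = $0; sub(/^[^:]*:/, "", rhs)
            next
        }
        END { report(); exit bad }
    ' "$1"
}

# Constructed sample input (not the distributed aliases file).
check_decode_alias - <<'EOF' || echo "decode alias needs review"
postmaster: root
# decode: "|/usr/bin/uudecode"   (commented out, ignored)
uudecode: root
decode: "|/usr/bin/uudecode"
EOF
```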