netbsd-bugs: security/6129: Recent aliases update contra /etc/security

Subject: security/6129: Recent aliases update contra /etc/security
To: None <gnats-bugs@gnats.netbsd.org>
From: Erik Bertelsen <erik@erik-be.uni-c.dk>
List: netbsd-bugs
Date: 09/08/1998 13:24:48

>Number:         6129
>Category:       security
>Synopsis:       Recent aliases update contra /etc/security
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Sep  8 13:05:03 1998
>Last-Modified:
>Originator:     Erik Bertelsen
>Organization:
	
>Release:        NetBSD-current 3 March 1997
>Environment:
	
System: NetBSD erik-be.uni-c.dk 1.2C NetBSD 1.2C (ERIKBE) #16: Mon Mar 3 09:30:20 MET 1997 erik@erik-be.uni-c.dk:/sw/NetBSD/src/sys/arch/i386/compile/ERIKBE i386


>Description:
	Recently /usr/src/etc/aliases was updated to contain a new alias
	"decode" just pointing to root, probably to be able to notice when
	anybody tries to utilize this alias.

	However, /etc/security will complain each day because of the
	existence of this alias.
>How-To-Repeat:
	Update to current /etc/security and /etc/aliases and watch the
	following in root's mailbox:

	Subject: daily insecurity output

	# trap decode to catch security attacks
	decode:         root

	There is an entry for uudecode in the /etc/aliases file.


>Fix:
	Either remove decode from aliases again or teach the security
	script about acceptable versions of this alias.

	regards
	Erik Bertelsen
>Audit-Trail:
>Unformatted: