Subject: Re: root password : security hole ?
To: Florence HENRY <Florence.Henry@obspm.fr>
From: Ed Wensell III <ewensell3@yahoo.com>
List: netbsd-users
Date: 03/12/2003 05:32:38
--- Florence HENRY <Florence.Henry@obspm.fr> wrote:
> On a digital unix, both give Login incorrect.

Solaris 8 responds with "Not on system console"...
 
> What do you think about that? Could it be a security hole?

Security hole? Nah... A hole indicates a straightforward way to compromise
the system. Security concern? Maybe, since this does give more information
to the attacker than we'd really like. What does the C2 system security
spec say on this??

Without looking at the code, it sounds like the root account is being
treated just like any other restricted/disabled account. With the correct
login credentials you are being passed on into the system at which point
the login restrictions take effect. What is the message if you use the
correct credentials to gain access to a restricted user account?

> ---
> Florence HENRY
> florence point henry arobasse obspm point fr


=====
Ed Wensell III
http://www.geocities.com/ewensell3

"Dude! A 'blue-screen' on a VT220 can't be a good thing."

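An added illustration (not part of the original mail and not NetBSD's login code) of the two-step ordering guessed at in the reply above, next to a variant that refuses every failed attempt with one message. The account, password and function names are constructed for the example; the restricted-terminal message is the Solaris 8 wording quoted in the thread.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample secret; a real login(1) compares crypt() hashes. */
static const char *ROOT_PW = "sample-root-pw";

#define MSG_BAD "Login incorrect"
#define MSG_TTY "Not on system console" /* Solaris 8 wording from the thread */
#define MSG_OK  "login ok"              /* constructed success marker */

typedef const char *(*login_fn)(const char *user, const char *pw, int secure_tty);

/* Toy credential check: only the constructed root account exists. */
static int pw_ok(const char *user, const char *pw) {
    return strcmp(user, "root") == 0 && strcmp(pw, ROOT_PW) == 0;
}

/* Ordering guessed at in the mail: authenticate first, restrict afterwards.
 * A correct password on a non-console terminal gets its own message. */
const char *login_two_step(const char *user, const char *pw, int secure_tty) {
    if (!pw_ok(user, pw)) return MSG_BAD;
    if (strcmp(user, "root") == 0 && !secure_tty) return MSG_TTY;
    return MSG_OK;
}

/* Same two checks, but any refusal produces the same message. */
const char *login_uniform(const char *user, const char *pw, int secure_tty) {
    int ok = pw_ok(user, pw);
    int allowed = strcmp(user, "root") != 0 || secure_tty;
    return (ok && allowed) ? MSG_OK : MSG_BAD;
}

/* Returns 1 if, on a non-console terminal, the reply to a correct root
 * password differs from the reply to a wrong one. */
int leaks_password_validity(login_fn f) {
    const char *wrong = f("root", "not-the-password", 0);
    const char *right = f("root", ROOT_PW, 0);
    return strcmp(wrong, right) != 0;
}

int main(void) {
    printf("two-step: leaks=%d\n", leaks_password_validity(login_two_step));
    printf("uniform:  leaks=%d\n", leaks_password_validity(login_uniform));
    return 0;
}
```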