Subject: (from BugTraq) Re: Question about Local vulnerability in libutil
To: None <tech-security@netbsd.org>
From: Jeremy C. Reed <reed@reedmedia.net>
List: tech-security
Date: 09/21/2001 12:25:15
On Fri, 21 Sep 2001, Seth Arnold wrote to BugTraq:

> This latest vulnerability is specific to systems that have implemented
> the BSD authentication class scheme. So, as far as I know, the only
> systems that could be vulnerable to this particular problem are BSDi,
> FreeBSD, OpenBSD, and possibly NetBSD.[1] So far, there have been
> confirmations of FreeBSD vulnerability, a compellingly good description
> of why OpenBSD is not vulnerable, and (as far as I remember) no feedback
> from BSDi or NetBSD.

As far as I know, the authentication / login class capability system used
by NetBSD is based on the BSD/OS implementation; I don't think it is
related to the FreeBSD code.

As far as I can tell, NetBSD's doesn't offer user-defined login class
attributes (such as ~/login.conf).

Can anyone verify this? Thanks.

So the following FreeBSD issues doesn't apply to NetBSD (or BSD/OS)?

Date: Thu, 20 Sep 2001 21:48:34 +0200
From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
To: bugtraq@securityfocus.com
Subject: Local vulnerability in libutil derived with FreeBSD 4.4-RC (and
    earlier)

> in session.c, which allows to read ANY file in system with superuser
> privileges, by defining:
>
> default:\
>  :copyright=/etc/master.passwd:
>
> or
>
>  :welcome=/etc/master.passwd:
>
> in user's ~/.login_conf.

...

> defined in login capability database. User can read ANY file in system by
> defining:
>  
> default:\
>  :nologin=/etc/master.passwd:


Thanks,

   Jeremy C. Reed
   http://www.reedmedia.net/