Summary : Security check program COPS

From: Manjeet Rekhi (manjeet@iglou.com)
Date: Tue Jul 09 1996 - 16:43:00 CDT


Thanks for the prompt responses! Here is the summary:

>1. Is it a security risk to put . in your path? Even if this machine is
> protected by firewall and has very limited access?

Yes, some user may ask you to run a trojan horse. Better cautious than sorry.
Though we have no users defined, nevertheless, I will remove '.' from the path.

>Warning! /usr/lib/sendmail could have a hole/bug! (CA-88:01)
>Warning! /bin/login could have a hole/bug! (CA-89:01)
>Warning! /usr/ucb/rdist could have a hole/bug! (CA-91:20)

>2. What is meant by the other 3 messages? Is it asking for a later/secure
> version of these programs?

These are CERN Advisories (CA) messages; check out http://www.cert.org/ for
details.

Thanks to all who posted replies so fast and to those who are going to reply.

...manjeet

P.S. One person wondered if posting security holes in public is appropriate.
     This email is from my ISP. I have not disclosed my server name/address.
     Thanks for the concern!
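
The first answer above concerns '.' in the search path. As an added example (not part of the original message and not COPS code), this POSIX shell function lists the entries of a PATH value that resolve against the current directory: a literal '.', an empty entry (leading, trailing or doubled colon), or any other relative name. The function name audit_path and the sample value are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path is a hypothetical helper name, not a COPS command.
# Usage: audit_path "$PATH"
# Prints one line per risky entry; returns 1 if any were found, else 0.
audit_path() {
    # Append a colon so a trailing empty entry is seen as its own field.
    rest="$1:"
    index=0
    status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        index=$((index + 1))
        case $entry in
            '')
                # POSIX: a zero-length PATH entry means the current directory.
                echo "entry $index: empty entry means the current directory"
                status=1 ;;
            .|./)
                echo "entry $index: '.' is the current directory"
                status=1 ;;
            /*)
                : ;;        # absolute path, does not depend on the cwd
            *)
                echo "entry $index: '$entry' is relative to the current directory"
                status=1 ;;
        esac
    done
    return $status
}

# Constructed sample value, not taken from the original post.
SAMPLE_PATH='/usr/local/bin:.:/usr/bin::bin'
audit_path "$SAMPLE_PATH" || true
```

To check a live session, call it as audit_path "$PATH" from the account being reviewed, root included.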



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:04 CDT