Xref: utzoo comp.sys.att:4911 unix-pc.general:1855 Path: utzoo!utgpu!watmath!uunet!xanth!ames!mailrus!rutgers!rochester!pt.cs.cmu.edu!cadre!pitt!amanue!jr From: jr@amanue.UUCP (Jim Rosenberg) Newsgroups: comp.sys.att,unix-pc.general Subject: Re: /etc/pwcntl on the 3B1 (3.51), anyone? Keywords: pwcntl login lastlog Message-ID: <441@amanue.UUCP> Date: 12 Dec 88 06:49:46 GMT References: <7059@chinet.chi.il.us> <5439@cbmvax.UUCP> <440@uncle.UUCP> Reply-To: jr@amanue.UUCP (Jim Rosenberg) Organization: Amanuensis Inc., Grindstone, PA Lines: 29 In article <440@uncle.UUCP> jbm@uncle.UUCP (John B. Milton) writes: >For those of you who have a lot of >public access, some of the attempts will be quite interesting. This makes pwcntl >a good place to look for break-in attempts. A lot of typos and line noise >"names" get entered here too. Aaaaaaaarghhhhhhhhhh!!!! Until this discussion I'd never taken a look at /etc/pwcntl. When I did I nearly had a heart attack! On my system it was completely public. An od -c on this file revealed something in plain text that you don't wanna have *ANYWHERE*. Hint: Have you ever by mistake typed your password to the login: prompt? Of course, all UNIX users should be warned that typing your password to the login prompt can broadcast it; any user who might be doing a ps -fe at the time could see it. (Not on the 3b1, actually, since ps -fe on the 3b1 doesn't do the right thing. [Dammit!]) Little did I know that this gaffe leaves a PERMANENT record. A [formerly] public permanent record! I wasn't concerned that I might have compromised a password because I knew at the time I was the only user of the system. To all 3b1/7300 users: take a look at this doggoned file *TODAY*. You might find YOUR OWN PASSWORD (or worse!) staring you in the face. Yet another thing to add to the list of security problems on the 3b1. -- Jim Rosenberg CIS: 71515,124 decvax!idis! \ WELL: jer allegra! ---- pitt!amanue!jr BIX: jrosenberg uunet!cmcl2!cadre! /