Date: Sat, 29 Sep 2007 20:01:39 +0200
From: "Jeffrey Denton" <dentonj@...il.com>
To: "full-disclosure@...hmail.com" <full-disclosure@...hmail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: New RFID Mailing List Owner 0day

Your script assumes a few things that are not part of a default
Slackware install.

# This script was created for use on Slackware!

>         exit 5

What is the purpose of the exit status code of 5?  Yes, any non-zero
number indicates an error.  Common exit codes are 0 (succeeded), 1 (or
any non-zero number, failure), 126 (command found but not executable),
127 (command not found), and 128+N (fatal error where N is the SIGNAL
that caused the exit).  An exit status of 5 works, just curious as to
its purpose.

> chown root.staff ping

"staff" is not a default group in Slackware.  Your script assumes that
it has already been created.

> chmod 500 ttysnoop

"ttysnoop" is not installed by Slackware.

> chmod 600 inetd.conf

It would also be a good idea to remove the execute permissions from
/etc/rc.d/rc.inetd and any other service in /etc/rc.d that isn't
needed.  Restricting the read permissions of the contents of that
directory is also a good idea.

> cp /root/slack/syslog.conf /etc

The file "/root/slack/syslog.conf" does not exist by default in Slackware.

> # Tighten up the log file perms now
> cd /var/log
> chmod 600 syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
> chmod 600 log.user messages ftp.log secure.log
> chown root.wheel syslog log.auth log.cron log.daemon log.kern log.mail log.mark log.syslog
> chown root.wheel log.user messages ftp.log secure.log

Most of these files do not exist by default.  I'll assume that they
are the product of your custom syslog.conf.

> echo "MAKE SURE YOU ADD USERS THAT YOU WANT TO BE ABLE TO SU TO ROOT"
> echo "TO THE ROOT AND WHEEL GROUPS OR THEY WON'T BE ABLE TO!!!!!!."

There is nothing in a default Slackware install that will restrict the
use of the "su" command.  Slackware does not use PAM.  The
"/etc/suauth" file does not exist by default.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
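
A preflight that tests the assumptions listed in the reply above before a hardening script changes anything. This is an added example, not part of the original message or of the script it reviews; the ROOT prefix and the function names are assumptions made for illustration, and the sample tree is constructed.

```shell
#!/bin/sh
# Preflight for a hardening script: list assumptions that do not hold on
# this system before any chown/chmod/cp runs. ROOT is a path prefix so the
# checks can run against a constructed tree ("" would mean the live system).
# ttysnoop is not checked: the quoted script does not show its directory.

need_group() {   # group used in "chown root.<group>" must be in /etc/group
    if ! grep -q "^$1:" "$ROOT/etc/group" 2>/dev/null; then
        echo "missing group: $1"
    fi
}

need_file() {    # files the script copies or relies on must already exist
    if [ ! -e "$ROOT$1" ]; then echo "missing file: $1"; fi
}

preflight() {    # usage: preflight ROOT ; prints one line per failed check
    ROOT=$1
    need_group staff
    need_group wheel
    need_file /root/slack/syslog.conf
    need_file /etc/suauth    # the reply notes this file is absent by default
    return 0
}

exec_rc_scripts() {   # usage: exec_rc_scripts ROOT ; rc files still executable
    ROOT=$1
    for f in "$ROOT"/etc/rc.d/rc.*; do
        if [ -f "$f" ] && [ -x "$f" ]; then echo "${f#"$ROOT"}"; fi
    done
    return 0
}

make_sample_tree() {  # constructed sample: no staff group, rc.inetd executable
    t=$(mktemp -d)
    mkdir -p "$t/etc/rc.d" "$t/root"
    printf 'root:x:0:root\nwheel:x:10:root\n' > "$t/etc/group"
    : > "$t/etc/rc.d/rc.inetd";   chmod 755 "$t/etc/rc.d/rc.inetd"
    : > "$t/etc/rc.d/rc.example"; chmod 644 "$t/etc/rc.d/rc.example"
    echo "$t"
}

tree=$(make_sample_tree)
preflight "$tree"
exec_rc_scripts "$tree"
rm -rf "$tree"
```

Empty output from `preflight` means every checked assumption holds; each line it prints is something the hardening script would otherwise trip over partway through.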
