by Teri Smit » Fri, 13 Dec 1996 04:00:00
I have some very specific security questions pertaining to DEC UNIX v3.x
and would like the email address of some with in-depth knowledge. My
questions pertain to unowned files, hidden files, .rhosts usage,
user/group ID's with no passwords, SUID and GUID, and root activity
logging.
Thank you for any help you can provide.
1. DEC and Security (Was: Re: CERT Sun Security announcement)
I agree with it. For example I told CERT and our local DEC vendor a
vulnerability in DEC's xterm (dxterm). It was two month ago. CERT
answered me after some days, gave it a Vulnerability number
(VU#20347), gave it to DEC's Software Security Response Team (SSRT)
and told me DEC is working on it. But DEC didn't fix anything upto
now. They didn't even warn their customers of it, even though a
simple fix is very easy (do not run dxterm suid root!).
So maybe it's DEC's Policy not to give any information, so no one can
talk about a bugful Pruduct: Ultrix.
Maybe any DEC-Administrator should ask his local vendor about it ...
--
2. How to cause the cpu to be rescheduled (in a driver)?
3. V3.0 on a Dec Alpha 166 Multia ?
4. Does the java browser plugin need libintl?
5. Video, Mouse and Keyboard on DEC UNIX V3.2C
7. Problem compiling crack 4.1 on DEC OSF/1 V3.0
9. XF86 v3 - S3 virge GX (86C385) - DEC PC5100 - corrupts text consoles
10. Printer setup on a DEC running Digital Unix V3.2D
11. IBM-ERS Security Vulnerability Alert: AIX V3 rmail vulnerability
12. ISS Security Alert Summary v3 n5
13. AIX V3 security configuration question