diff options
| author | cjc <cjc@FreeBSD.org> | 2001-06-21 19:17:15 +0000 |
|---|---|---|
| committer | cjc <cjc@FreeBSD.org> | 2001-06-21 19:17:15 +0000 |
| commit | 8b883929b6ea42f3dbd25e13960b76987c16a962 (patch) | |
| tree | cf929503acbefa76554d8f2ad7b3fe40e1cd1e1b /etc/security | |
| parent | 260e54cab4f480e0b22f47857dae2820019f21c0 (diff) | |
| download | FreeBSD-src-8b883929b6ea42f3dbd25e13960b76987c16a962.zip FreeBSD-src-8b883929b6ea42f3dbd25e13960b76987c16a962.tar.gz | |
Fixing a bug reported on freebsd-security. It is possible for
non-printable characters to sneak into /var/log/messages (e.g.
someone aims a Solaris/Linux RCP exploit at your FreeBSD box and
you end up with his shellcode as part of a log entry). You might
get something like,
host.mydom.org login failures:
Binary file (standard input) matches
In the daily security script as a result. Allowing attackers to
mess with your security script's ability to accurately report
is a Bad Thing. Tell grep(1) to treat /var/log/messages like a
text file even if it has non-printable characters.
Submitted by: Tim Zingelman <zingelman@fnal.gov> on freebsd-security
Approved by: ru
MFC after: 1 week
Diffstat (limited to 'etc/security')
| -rw-r--r-- | etc/security | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/etc/security b/etc/security index 82e384f..c26abeb 100644 --- a/etc/security +++ b/etc/security @@ -186,7 +186,7 @@ fi # separator echo "${host} login failures:" -n=$(catmsgs | grep -i "^$yesterday.*login failure" | tee /dev/stderr | wc -l) +n=$(catmsgs | grep -ia "^$yesterday.*login failure" | tee /dev/stderr | wc -l) [ $n -gt 0 -a $rc -lt 1 ] && rc=1 # Show tcp_wrapper warning messages |
