Sun 10 Apr. 2005

Beware of the Fix

Heads-Up: A few days ago MacInTouch reported on the SecurityFocus BugTraq advisory: OSX Root Compromise, wherein a number measures were detailed involving changes to the sudoers file, redirecting sudo’s logging and altering the sudo password grace period.

Now, in a follow-up post it would appear that there’s significant doubt about the wisdom of the proposed fix.

[Paul MLambert]… the bugtraq posting are incorrect and wrong. Following the instructions for changing the sudoers file will cause sudo entries to overwrite other log entries in /var/log/secure.log. This could easily be used by an attacker to mask actual intrusion attempts. Clearly the author of the report is not familiar with basic security principles, and publishing such reports without careful review is dangerous.

Comments »

The URI to TrackBack this entry is: http://sennosen.blogsome.com/2005/04/10/beware-of-the-fix/trackback/

No comments yet.

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>