Bug 9614 - /etc/rc.d/rc.local shares too much information.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: initscripts
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2000-02-20 21:43 UTC by lars
Modified: 2014-03-17 02:12 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2000-03-20 16:23:12 UTC
Embargoed:



Description lars 2000-02-20 21:43:05 UTC
The rc.local distributed by RedHat provides more information to remote
users than the security-conscious admin may be comfortable with.

In particular, it updates the /etc/issue.net file at each boot to advertise
both the kernel version and the redhat release to anyone who telnets to the
local system.

In the event that there are remote exploits tied to particular kernel
versions or particular redhat distributions, this makes it far easier for a
malicious user to identify likely target systems.

This information is fine for inclusion in /etc/issue, since this is only
seen by non-network logins, but it seems that it would be a good idea to
modify rc.local so that /etc/issue.net contains more generic information
(such as "RedHat Linux -- http://www.redhat.com/").

Comment 1 Bill Nottingham 2000-03-20 16:23:59 UTC
We probably won't change this; users are free to customize
their own rc.local if they wish.
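
A local customization of the kind discussed above, as an added example that is not part of the original bug report or of Red Hat's initscripts: a shell helper that checks whether a banner file discloses the kernel or release version and, if so, replaces it with the generic text suggested in the description. The function names are assumptions for illustration; the banner path is passed as an argument.

```shell
#!/bin/sh
# Added example: audit and replace a network login banner.
# Function names are hypothetical; the banner path is an argument.

# banner_leaks FILE [KERNEL] [RELEASE]
# Returns 0 (true) if FILE discloses the running kernel version, the
# distribution release string, or anything that looks like a version number.
banner_leaks() {
    file=$1
    kernel=${2:-$(uname -r)}
    release=${3:-$(cat /etc/redhat-release 2>/dev/null)}
    [ -r "$file" ] || return 1            # no banner, nothing disclosed
    grep -qF -- "$kernel" "$file" && return 0
    if [ -n "$release" ]; then
        grep -qF -- "$release" "$file" && return 0
    fi
    # Catch stale or hand-edited banners: "release 6.1", "2.2.12-20", etc.
    grep -Eq '[0-9]+\.[0-9]+' "$file" && return 0
    return 1
}

# write_generic_banner FILE
# Replaces FILE with the generic text suggested in the report, via a
# temporary file so a failed write never leaves a half-written banner.
write_generic_banner() {
    file=$1
    tmp="$file.$$"
    printf '%s\n' 'RedHat Linux -- http://www.redhat.com/' > "$tmp" || return 1
    chmod 644 "$tmp" && mv -f "$tmp" "$file"
}

# harden_banner FILE [KERNEL] [RELEASE]
# Rewrites the banner only when the audit finds a disclosure.
harden_banner() {
    if banner_leaks "$@"; then
        write_generic_banner "$1"
    fi
}
```

Calling `harden_banner /etc/issue.net` at the end of rc.local, after the stock code that regenerates the file, keeps /etc/issue unchanged for non-network logins while the network banner stays generic across reboots.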

