Bug 9614 - /etc/rc.d/rc.local shares too much information.
Summary: /etc/rc.d/rc.local shares too much information.
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: initscripts   
(Show other bugs)
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-02-20 21:43 UTC by lars
Modified: 2014-03-17 02:12 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-03-20 16:23:12 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description lars 2000-02-20 21:43:05 UTC
The rc.local distributed by RedHat provides more information to remote
users than the security-conscious admin may be comfortable with.

In particular, in updates the /etc/issue.net file at each boot to advertise
both the kernel version and the redhat release to anyone who telnets to the
local system.

In the event that there are remote exploits tied to particular kernel
versions or particular redhat distributions, this makes it far easier for a
malicious user to identify likely target systems.

This information is fine for inclusing in /etc/issue, since this is only
seen by non-network logins, but it seems that it would be a good idea to
modify rc.local so that /etc/issue.net contains more generic information
(such as "RedHat Linux -- http://www.redhat.com/:).

Comment 1 Bill Nottingham 2000-03-20 16:23:59 UTC
We probably won't change this; users are free to customize
their own rc.local if they wish.


Note You need to log in before you can comment on or make changes to this bug.