Bug 9614 - /etc/rc.d/rc.local shares too much information.
/etc/rc.d/rc.local shares too much information.
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: initscripts (Show other bugs)
6.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-02-20 16:43 EST by lars
Modified: 2014-03-16 22:12 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-03-20 11:23:12 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description lars 2000-02-20 16:43:05 EST
The rc.local distributed by RedHat provides more information to remote
users than the security-conscious admin may be comfortable with.

In particular, in updates the /etc/issue.net file at each boot to advertise
both the kernel version and the redhat release to anyone who telnets to the
local system.

In the event that there are remote exploits tied to particular kernel
versions or particular redhat distributions, this makes it far easier for a
malicious user to identify likely target systems.

This information is fine for inclusing in /etc/issue, since this is only
seen by non-network logins, but it seems that it would be a good idea to
modify rc.local so that /etc/issue.net contains more generic information
(such as "RedHat Linux -- http://www.redhat.com/:).
Comment 1 Bill Nottingham 2000-03-20 11:23:59 EST
We probably won't change this; users are free to customize
their own rc.local if they wish.

Note You need to log in before you can comment on or make changes to this bug.