/etc/pwcntl on the 3B1 (3.51), anyone?

[Jim Rosenberg]

In article <440 at uncle.UUCP> jbm at uncle.UUCP (John B. Milton) writes:
>For those of you who have a lot of
>public access, some of the attempts will be quite interesting. This makes pwcntl
>a good place to look for break-in attempts. A lot of typos and line noise
>"names" get entered here too.

Aaaaaaaarghhhhhhhhhh!!!!

Until this discussion I'd never taken a look at /etc/pwcntl.  When I did I
nearly had a heart attack!  On my system it was completely public.  An od -c on
this file revealed something in plain text that you don't wanna have
*ANYWHERE*.  Hint:  Have you ever by mistake typed your password to the login:
prompt?  Of course, all UNIX users should be warned that typing your password
to the login prompt can broadcast it; any user who might be doing a ps -fe at
the time could see it.  (Not on the 3b1, actually, since ps -fe on the 3b1
doesn't do the right thing.  [Dammit!])  Little did I know that this gaffe
leaves a PERMANENT record.  A [formerly] public permanent record!  I wasn't
concerned that I might have compromised a password because I knew at the time
I was the only user of the system.

To all 3b1/7300 users:  take a look at this doggoned file *TODAY*.  You might
find YOUR OWN PASSWORD (or worse!) staring you in the face.

Yet another thing to add to the list of security problems on the 3b1.
-- 
 Jim Rosenberg
     CIS: 71515,124                         decvax!idis! \
     WELL: jer                                   allegra! ---- pitt!amanue!jr
     BIX: jrosenberg                  uunet!cmcl2!cadre! /