Bugtraq mailing list archives
Bad permissions (644) on /etc/shadow after editing via
From: kgb () RUBIKON NET PL (Krzysztof G. Baranowski)
Date: Tue, 10 Jun 1997 11:49:55 +0200
First, here is some info: [root@matador /etc]# rpm -qi control-panel Name: control-panel Distribution: Red Hat Linux VanderbiltVersion: 2.6 Vendor: Red Hat Software Release: 1 Build Date: Tue Dec 10 21:41:45 1996Install date: Thu Apr 10 22:46:42 1997 Build Host: porky.redhat.com Group: Utilities/System Source RPM: control-panel-2.6-1.src.rpm Size: 178835 Summary: Red Hat Control Panel [root@matador /etc]# rpm -qi shadow-utils Name: shadow-utils Distribution: Red Hat Linux Colgate Version: 960530 Vendor: Red Hat Software Release: 6 Build Date: Thu Sep 05 23:47:04 1996Install date: Thu Jun 05 10:24:43 1997 Build Host: porky.redhat.com Group: Utilities/System Source RPM: shadow-utils-960530-6.src.rpm Size: 74466 Summary: Shadow password file utilities for Linux [root@matador /etc]# cat /etc/redhat-release release 4.1 (Vanderbilt) And the bug: [root@matador /etc]# ls -l /etc/shadow -rw------- 1 root root 693 Jun 10 11:19 /etc/shadow Now I start X, run user and group configuration in control-panel. I change some data then save and quit. [root@matador /etc]# ls -l shadow -rw-r--r-- 1 root root 693 Jun 10 11:19 shadow Best regards, Kris -- Krzysztof G. Baranowski - Prezes Klubu Nieszkodliwych Manjakow "Smith & Wesson - The original point and click interface..." http://www.rubikon.net.pl/~celestyn/maniak/
Current thread:
- Re: A couple of patches (RFC931 and scp location) Matt Simmons (Jun 08)
- Re: A couple of patches (RFC931 and scp location) Joe Zbiciak (Jun 09)
- Re: A couple of patches (RFC931 and scp location) Paul B. Henson (Jun 09)
- Bad permissions (644) on /etc/shadow after editing via Krzysztof G. Baranowski (Jun 10)
- Q142047: Bad Network Packet May Cause Access Violation (AV) on Aleph One (Jun 10)
- Q167629: Predictable Query IDs Pose Security Risks for DNS Servers Aleph One (Jun 10)
- Q169461: Access Violation in DNS.EXE Caused by Malicious Telnet Aleph One (Jun 10)