Bugtraq mailing list archives
Re: User operator under Red Hat 6.2
From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Fri, 6 Oct 2000 02:18:41 -0500
let's try and update folks some:

From: Dan Shinn <danslo () YAHOO COM>
Subject: Re: Slackware-7.1 Insecurity in default permission ?!?
Resent-Subject: Re: Slackware-7.1 Insecurity in default permission ?!?
Date: Sun, 24 Sep 2000 10:18:55 -0700
To: VULN-DEV () SECURITYFOCUS COM
Resent-To: dufresne <dufresne () darkstar sysinfo com>

I believe this is the case with default installs, but after you apply all the patches these insecure permissions go away. This is from the changelogs:

Thu Aug 24 16:12:55 PDT 2000
Merged package directories for the A and N series.
a1/bash.tgz, bash1.tgz: Patched install script to ensure that a newly-created /etc/shells will be chmoded 644.

You can view the changelogs at -> http://www.slackware.com/changelog/current.php3

I'm not sure if the /usr/info/dir was ever world writeable on my slack box but the shells was and that was fixed with the install of the new bash.tgz package. This is from slack7.1 with all the updates and security fixes listed in the changelogs:

slackbox:~# ls -l /etc/shells
-rw-r--r-- 1 root root 70 May 5 08:03 /etc/shells
slackbox:~# ls -l /usr/info/dir
-rw-r--r-- 1 root root 3533 May 16 1994 /usr/info/dir
slackbox:~# cat /etc/slackware-version
7.1.0

Hope this helps.
-dan

Of course, getting on the slackware security list is another good idea, folks. If yer using a fav dist flavor of linux, get on that dist's security list, as well as reading here, then yer not out in the dark for sure. If yer company is considering linux in the workplace, get on the security list for all the dists under consideration, how else would one make an informed decision about the matter?

Thanks,
Ron DuFresne

On Thu, 5 Oct 2000, Stefan Laudat wrote:
That's old news, and if I recall, an updated package or two for the 4, 7 and 7.1 releases was already provided <smile>.

Might be, but for you. I haven't seen it around. Slackware team fears this list :(
The pristine 7.1 distro included(s?) this. If you're using their current snapshot you're out of trouble and/or unaware of what happened.

--
Stefan Laudat
Data Networks Engineer
Allianz-Tiriac SA
------------------------
Beam me up, Scotty, there's no intelligent life down here!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.