Vulnerability Development mailing list archives

Re: Slackware-7.1 Insecurity in default permission ?!?

From: Eduardo Cruz <eduardo.cruz () TS-G COM>
Date: Sun, 24 Sep 2000 01:40:26 +0200

-rw-r--r--   1 root     root         4277 Sep 12 15:19 /usr/info/dir
-rw-rw-rw-   1 root     root           58 Sep 12 15:17 /etc/shells

but if u cant modify passwd to change the shell.....
anyway is wrong u can add shells to the file

# cat /etc/slackware-version
7.1.0

----- Original Message -----
From: Fabio Pietrosanti (naif) <naif () INET IT>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Friday, September 22, 2000 12:56 PM
Subject: Slackware-7.1 Insecurity in default permission ?!?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, i just installed a Slackware-7.1 and hardening it after a
find / -perm -2 -type -f
I found this two bad thing:

123655    1 -rw-rw-rw-   1 root     root          744 Sep 21 22:52
/usr/info/dir
153123    1 -rw-rw-rw-   1 root     root           49 Sep 21 22:51
/etc/shells


Does someone may verify it on other slackware-7.1 distribution?



Pietrosanti  Fabio          I.NET SpA, High Quality Access to the Internet
e-mail:  naif () inet it ( Direzione Tecnica, Gruppo Firewall )
         firewall () inet it
PGP Key (DSS) http://naif.itapac.net/naif.asc

Home Page URL:            http://www.inet.it
Sede:                     Via Caldera, 21 20153 Milano
Tel:                      02-409061 Fax: 02-40906303
 --
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Filter: gpg4pine 4.1 (http://azzie.robotics.net)

iD8DBQE5yzrmdK5I1NnlcMYRAkk8AKDLI42FeMOQufJGueLvHnLnNtCrFwCg5D8r
/mZO9qwXP6xbQrMi8p9ex6o=
=Tpvw
-----END PGP SIGNATURE-----

Current thread:

Slackware-7.1 Insecurity in default permission ?!? Fabio Pietrosanti (naif) (Sep 23)
- Re: Slackware-7.1 Insecurity in default permission ?!? Vitaly McLain (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? Ron DuFresne (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? KATZ,JONATHAN ERIC (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? Brian Poole (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? Eduardo Cruz (Sep 24)
  - Re: Slackware-7.1 Insecurity in default permission ?!? White Vampire (Sep 24)
  - Re: Slackware-7.1 Insecurity in default permission ?!? H D Moore (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? David Carrick (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? generic (Sep 24)
- <Possible follow-ups>
- Re: Slackware-7.1 Insecurity in default permission ?!? Dan Shinn (Sep 24)