Bugtraq mailing list archives
world-readable shadow backups in SuSe 5.2
From: hdmoore () USA NET (HD Moore)
Date: Tue, 10 Nov 1998 11:32:50 -0600
<( problem )>
The _first_ set of shadow backups created on SuSe 5.2 are world readable. This includes '/etc/shadow-' and the original root pass in '/etc/shadow.orig'. I duplicated this on 3 different systems where I had just installed SuSe 5.2 with shadowed passwd support.

<( fix )>
The way to fix this is to just delete all the backup copies, and when they are re-created they have the right permissions.

<( conclusion )>
Is this an isolated incident with SuSe, or is it a problem inherent to shadow? I know this isn't the first case where I've seen default shadow backups being world readable (or shadow.tmp's on SunOs). Could some other package be responsible for changing permissions on these?
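An added example, not part of the original post: a POSIX shell audit that lists shadow files and backups readable by "other" in a given directory. The function names are hypothetical, and the `shadow*` name pattern is an assumption that covers the files named in the post ('shadow-', 'shadow.orig', 'shadow.tmp').

```shell
#!/bin/sh
# Added example (not from the original post): find shadow-password files and
# backups that any local user can read.
# Assumption: the files of interest sit directly in the audited directory and
# their names start with "shadow" (shadow, shadow-, shadow.orig, shadow.tmp).

# list_world_readable_shadow [DIR]
# Prints, one per line and sorted, every regular file in DIR (default /etc)
# whose name starts with "shadow" and whose mode has the other-read bit set.
list_world_readable_shadow() {
    dir=${1:-/etc}
    find "$dir" -maxdepth 1 -type f -name 'shadow*' -perm -0004 -print \
        2>/dev/null | LC_ALL=C sort
}

# audit_shadow [DIR]
# Returns 0 when no such file is world readable. Otherwise writes a long
# listing of each finding to stderr and returns 1, so the function can gate
# a post-install check or a periodic job.
audit_shadow() {
    dir=${1:-/etc}
    findings=$(list_world_readable_shadow "$dir")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf 'world-readable shadow files in %s:\n' "$dir" >&2
    printf '%s\n' "$findings" | while IFS= read -r f; do
        ls -l "$f" >&2    # show mode, owner and timestamp for triage
    done
    return 1
}
```

Calling `audit_shadow /etc` right after installation shows whether the first set of backups carries the permissions the post describes.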