Bugtraq mailing list archives

Re: world-readable shadow backups in SuSe 5.2


From: ap1 () TORCH ROWAN EDU (Andrew Pitman)
Date: Wed, 11 Nov 1998 15:06:16 -0500


AFAIK, RedHat does the right thing.

Andrew
--
  "The best thing about standards is that there are so many
   to choose from."
                                              -Anonymous
-------------------------------------------------------------
  Andrew Pitman                           MIS
  Unix System Administrator               Rowan University
-------------------------------------------------------------

On Tue, 10 Nov 1998, HD Moore wrote:

<( problem )>

The _first_ set of shadow backups created on SuSe 5.2 are world readable.
This includes '/etc/shadow-' and the original root pass in
'/etc/shadow.orig'.  I duplicated this on 3 different systems where I had
just installed SuSe 5.2 with shadowed passwd support.

<( fix )>

The way to repair this is to just delete all the backup copies and when they
are re-created they have the right permissions.

<( conclusion )>

Is this an isolated incident with SuSe, or is it a problem inherent to
shadow?  I know this isn't the first case I've seen default shadow backups
being world readable (or shadow.tmp's on SunOs).  Could some other package
be responsible for changing permissions on these?
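
An audit for the condition reported in this thread, as an added example that is not part of either post: the shell functions below list regular files named shadow* in a directory (default /etc) that are world-readable, and can clear the "other" permission bits in place as an alternative to deleting the backups. The function names, the directory argument and the `--audit` switch are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a directory for world-readable shadow files and backups.
# File names follow the post (/etc/shadow-, /etc/shadow.orig, shadow.tmp);
# function names, the directory argument and --audit are assumptions.

# Print every regular file named shadow* in $1 (default /etc) whose mode has
# the "other read" bit set. Symlinks are skipped by -type f.
list_world_readable_shadow() {
    dir=${1:-/etc}
    for f in "$dir"/shadow*; do
        [ -f "$f" ] || continue          # unmatched glob or non-file
        find "$f" -prune -type f -perm -004 -print
    done
}

# Remove all "other" permission bits from each file reported above, leaving
# owner and group bits untouched, then re-check.
# Returns 0 if nothing is world-readable afterwards, 1 otherwise.
fix_world_readable_shadow() {
    dir=${1:-/etc}
    list_world_readable_shadow "$dir" | while IFS= read -r f; do
        chmod o-rwx "$f" && printf 'tightened: %s\n' "$f"
    done
    [ -z "$(list_world_readable_shadow "$dir")" ]
}

# Command-line use: sh script.sh --audit [dir]
if [ "${1:-}" = "--audit" ]; then
    list_world_readable_shadow "${2:-/etc}"
fi
```

Tightening the mode does not undo earlier exposure: hashes in a file that was world-readable should be treated as disclosed and the affected passwords changed.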



