Bugtraq mailing list archives

Re: User operator under Red Hat 6.2


From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Fri, 6 Oct 2000 02:18:41 -0500

Let's try and update folks some:

From: Dan Shinn <danslo () YAHOO COM>
Subject: Re: Slackware-7.1 Insecurity in default permission ?!?
Resent-Subject: Re: Slackware-7.1 Insecurity in default permission ?!?
Date: Sun, 24 Sep 2000 10:18:55 -0700
To: VULN-DEV () SECURITYFOCUS COM
Resent-To: dufresne <dufresne () darkstar sysinfo com>

I believe this is the case with default installs, but after you apply all
the patches these insecure permissions go away. This is from the changelogs:

Thu Aug 24 16:12:55 PDT 2000
Merged package directories for the A and N series.
a1/bash.tgz, bash1.tgz: Patched install script to ensure that a
newly-created /etc/shells will be chmoded 644.

You can view the changelogs at ->
http://www.slackware.com/changelog/current.php3
I'm not sure if the /usr/info/dir was ever world writeable on my slack box
but the shells was and that was fixed with the install of the new bash.tgz
package. This is from slack7.1 with all the updates and security fixes
listed in the changelogs:

slackbox:~# ls -l /etc/shells
-rw-r--r--   1 root     root           70 May  5 08:03 /etc/shells
slackbox:~# ls -l /usr/info/dir
-rw-r--r--   1 root     root         3533 May 16  1994 /usr/info/dir
slackbox:~# cat /etc/slackware-version
7.1.0

Hope this helps.
-dan



Of course, getting on the slackware security list is another good idea,
folks if yer using a fav dist flavor of linux, get on that dist's security
list, as well as reading here, then yer not out in the dark for sure.  If
yer company is considering linux in the workplace, get on the security
list for all the dists under consideration, how else would one make an
informed decision about the matter?

Thanks,

Ron DuFresne

On Thu, 5 Oct 2000, Stefan Laudat wrote:

That's old news, and if I recall, an updated package or two for the 4, 7
and 7.1 releases was already provided <smile>.


Might be, but for you. I haven't seen it around. Slackware team
fears this list :(
The pristine 7.1 distro included(s?) this. If you're using
their current snapshot you're out of trouble and/or unaware of
what happened.


--

Stefan Laudat
Data Networks Engineer
Allianz-Tiriac SA
------------------------
Beam me up, Scotty, there's no intelligent life down here!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
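
Added example, not part of the original messages: a small POSIX shell check for the condition discussed in the thread, where files such as /etc/shells and /usr/info/dir are writable by group or other. The function name audit_writable and its OK/LOOSE/MISSING labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report files that are writable by group or other.
# Intended for files that only root should modify, such as the
# /etc/shells and /usr/info/dir paths named in the thread.

# audit_writable FILE...
# Prints one status line per file and returns the number of files
# found with a group- or world-write bit set.
audit_writable() {
    loose=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
            continue
        fi
        # -H follows a symlink given on the command line, so the target's
        # mode is tested rather than the link's own rwxrwxrwx.
        # -prune stops find from descending if a directory is passed.
        hit=$(find -H "$f" -prune \( -perm -002 -o -perm -020 \) -print)
        if [ -n "$hit" ]; then
            echo "LOOSE   $(ls -ldL "$f")"
            loose=$((loose + 1))
        else
            echo "OK      $f"
        fi
    done
    return "$loose"
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_writable "$@"
fi
```

Run it as `sh audit.sh /etc/shells /usr/info/dir`; a non-zero exit status is the count of files that still carry a group- or world-write bit.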

