Vulnerability Development mailing list archives

Re: Slackware-7.1 Insecurity in default permission ?!?


From: Ron DuFresne <dufresne () WINTERNET COM>
Date: Sat, 23 Sep 2000 20:16:10 -0500

Here's what's listed in the MANIFEST:

drwxr-xr-x root/root         0 2000-04-04 00:20 usr/info/
-rw-r--r-- root/root      3533 1994-05-16 15:41 usr/info/dir
-rw-r--r-- root/root        18 1994-05-06 12:09 etc/shells

Mind you, these are from the slackware area on sunsite, and may differ for
-current, but I think these are accurate.


Thanks,

Ron DuFresne

On Fri, 22 Sep 2000, Fabio Pietrosanti (naif) wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, I just installed a Slackware-7.1 and am hardening it; after a
find / -perm -2 -type f
I found these two bad things:

123655    1 -rw-rw-rw-   1 root     root          744 Sep 21 22:52 /usr/info/dir
153123    1 -rw-rw-rw-   1 root     root           49 Sep 21 22:51 /etc/shells


Could someone verify it on another Slackware-7.1 distribution?



Pietrosanti  Fabio          I.NET SpA, High Quality Access to the Internet
e-mail:  naif () inet it              ( Direzione Tecnica, Gruppo Firewall )
         firewall () inet it
PGP Key (DSS)                                 http://naif.itapac.net/naif.asc

Home Page URL:            http://www.inet.it
Sede:                     Via Caldera, 21 20153 Milano
Tel:                      02-409061 Fax: 02-40906303
 --
Free advertising: www.openbsd.org - Multiplatform Ultra-secure OS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
Filter: gpg4pine 4.1 (http://azzie.robotics.net)

iD8DBQE5yzrmdK5I1NnlcMYRAkk8AKDLI42FeMOQufJGueLvHnLnNtCrFwCg5D8r
/mZO9qwXP6xbQrMi8p9ex6o=
=Tpvw
-----END PGP SIGNATURE-----


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.
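
The comparison made in this thread, package MANIFEST permissions against what find reports on the installed system, can be scripted. This is an added example, not part of either poster's message; the sample input is the two listings quoted above, the function names are hypothetical, and the on-disk listing is assumed to be in `find -ls` format.

```python
# Constructed sample input: the two listings quoted in the thread.
MANIFEST = """\
drwxr-xr-x root/root         0 2000-04-04 00:20 usr/info/
-rw-r--r-- root/root      3533 1994-05-16 15:41 usr/info/dir
-rw-r--r-- root/root        18 1994-05-06 12:09 etc/shells
"""
FIND_LS = """\
123655    1 -rw-rw-rw-   1 root     root          744 Sep 21 22:52 /usr/info/dir
153123    1 -rw-rw-rw-   1 root     root           49 Sep 21 22:51 /etc/shells
"""

def mode_bits(sym):
    """Turn '-rw-r--r--' into its rwx permission bits (setuid/setgid/sticky ignored)."""
    bits = 0
    for i, ch in enumerate(sym[1:10]):
        if ch in "rwxst":          # lower-case s/t also imply the execute bit
            bits |= 1 << (8 - i)
    return bits

def parse_manifest(text):
    """Map '/path' -> (mode, 'owner/group') from tar-style MANIFEST lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6:
            mode, owner, _size, _date, _time, path = fields
            entries["/" + path.strip("/")] = (mode_bits(mode), owner)
    return entries

def parse_find_ls(text):
    """Map '/path' -> (mode, 'owner/group') from `find -ls` lines (assumed format)."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(None, 10)
        if len(fields) == 11:
            mode, user, group, path = fields[2], fields[4], fields[5], fields[10]
            entries[path] = (mode_bits(mode), f"{user}/{group}")
    return entries

def permission_drift(manifest_text, find_ls_text):
    """Report installed files whose mode or owner differs from the MANIFEST."""
    expected = parse_manifest(manifest_text)
    findings = []
    for path, (mode, owner) in parse_find_ls(find_ls_text).items():
        if path in expected and (mode, owner) != expected[path]:
            added = mode & ~expected[path][0]   # bits on disk that the package lacks
            findings.append((path, format(expected[path][0], "04o"),
                             format(mode, "04o"), bool(added & 0o002)))
    return findings
```

Each finding is (path, MANIFEST mode, installed mode, world-write bit added); both files from the thread are reported as 0644 in the package and 0666 on disk.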

