Vulnerability Development mailing list archives
Re: Slackware-7.1 Insecurity in default permission ?!?
From: Dan Shinn <danslo () YAHOO COM>
Date: Sun, 24 Sep 2000 10:18:55 -0700
I believe this is the case with default installs, but after you apply all the patches these insecure permissions go away. This is from the changelogs: Thu Aug 24 16:12:55 PDT 2000 Merged package directories for the A and N series. a1/bash.tgz, bash1.tgz: Patched install script to ensure that a newly-created /etc/shells will be chmoded 644. You can view the changelogs at -> http://www.slackware.com/changelog/current.php3 Im not sure if the /usr/info/dir was ever world writeable on my slack box but the shells was and that was fixed with the install of the new bash.tgz package. This is from slack7.1 with all the updates and security fixes listed in the changelogs: slackbox:~# ls -l /etc/shells -rw-r--r-- 1 root root 70 May 5 08:03 /etc/shells slackbox:~# ls -l /usr/info/dir -rw-r--r-- 1 root root 3533 May 16 1994 /usr/info/dir slackbox:~# cat /etc/slackware-version 7.1.0 Hope this helps. -dan __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/
Current thread:
- Slackware-7.1 Insecurity in default permission ?!? Fabio Pietrosanti (naif) (Sep 23)
- Re: Slackware-7.1 Insecurity in default permission ?!? Vitaly McLain (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? Ron DuFresne (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? KATZ,JONATHAN ERIC (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? Brian Poole (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? Eduardo Cruz (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? White Vampire (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? H D Moore (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? David Carrick (Sep 24)
- Re: Slackware-7.1 Insecurity in default permission ?!? generic (Sep 24)
- <Possible follow-ups>
- Re: Slackware-7.1 Insecurity in default permission ?!? Dan Shinn (Sep 24)