[10397] in bugtraq


Re: Discus advisory.

daemon@ATHENA.MIT.EDU (Elaich Of Hhp)
Fri Apr 30 14:37:19 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.9904291941470.22867-100000@ns.suspend.net>
Date: 	Thu, 29 Apr 1999 19:50:34 -0400
Reply-To: hhp@NS.SUSPEND.NET
From: Elaich Of Hhp <hhp@NS.SUSPEND.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.BSF.4.05.9904281634510.87084-100000@staff.calweb.com>

On Wed, 28 Apr 1999, Ian R. Justman wrote:
> Showed this to my boss because one of our customers (one whose account we
> are currently reviewing) runs this script.
>
> If this is running under Linux, FreeBSD or any system with a decent shadow
> password system or something similar AND a sanely-configured web server,
> e.g. with CGIwrap, any internal wrappering which runs scripts as the owner
> of the script like any later version of Apache with the integrated setuid
> wrapper, or at the very least just outright running scripts as an
> arbitrary unprivileged user, there is no problem.  You can't read
> /etc/shadow|/etc/master.passwd|/etc/whatever if you're not a privileged
> user.  ;)
>
> --Ian.

Well, I never said that /etc/shadow, /etc/passwd, etc. were readable,
and the stuff you stated above is not the problem here.  The software
creates the directory with 666 perms. In that directory there are a
users.txt and an admin.txt which both contain crypt(3) passwds.

Here is one of the simple replies I have received.

- Date: Mon, 26 Apr 1999 09:32:23 -0400
- From: mwerneburg@stardata.ca
- To: hhp@hhp.hemp.net
- Subject: Re: Discus advisory.
-
- Good post.  I'm administering a discus installation and was appalled to
- see files like passwd.txt with 666 perms.  Thanks for the heads-up!


-elaich

-----------------------------------------
elaich of the hhp.            hhp-1999(c)
Email:  hhp@hemp.net
Web:   http://hhp.hemp.net/
Voice: 1-800-Rag-on-gH pin: The-hhp-crew
hhp-ms: hhp.hemp.net, port:7777, pass:hhp
-----------------------------------------
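The point of the thread is that a shadow password file does not help when the application itself writes crypt(3) hashes into files that any local user (or the web server's user) can read and write. The script below is an added example, not part of the original post and not Discus's own code: it walks a data directory, flags world-writable directories and world-readable or world-writable files whose lines contain something shaped like crypt(3) output, and tightens them. The file names (users.txt, admin.txt, readme.txt), the 0666/0777 modes and the hash strings in build_sample_tree() are constructed assumptions mirroring the advisory, not data from a real install.

```python
"""Audit a Discus-style data directory for world-accessible files that hold
crypt(3) password hashes, then tighten them.

Added example; this is not Discus's own code. The directory layout
(users.txt / admin.txt holding 'name:hash' lines), the permission bits and
the sample hashes are constructed assumptions for the demonstration.
"""
import os
import re
import stat
import tempfile

# Traditional DES crypt(3): 2-char salt + 11 hash chars from [A-Za-z0-9./].
CRYPT_DES_RE = re.compile(r"^[A-Za-z0-9./]{13}$")
# Modular crypt format ($1$ MD5-crypt, $5$/$6$ SHA-crypt, ...), for newer installs.
CRYPT_MCF_RE = re.compile(r"^\$[A-Za-z0-9]+\$[A-Za-z0-9./$]+$")


def looks_like_crypt_hash(field):
    """Heuristic: does this colon-separated field look like crypt(3) output?"""
    return bool(CRYPT_DES_RE.match(field) or CRYPT_MCF_RE.match(field))


def file_holds_hashes(path):
    """True if any field on any line of the file looks like a crypt(3) hash."""
    try:
        with open(path, "r", errors="replace") as fh:
            return any(
                looks_like_crypt_hash(field)
                for line in fh
                for field in line.rstrip("\n").split(":")
            )
    except OSError:
        return False


def perm_problems(mode):
    """Names of the 'other' permission bits that expose a file's contents."""
    problems = []
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems


def audit_dir(root):
    """Return sorted (relpath, problems) for world-writable directories and
    for world-accessible files that contain crypt(3) hashes. Symlinks are skipped."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        entries = [dirpath] + [os.path.join(dirpath, f) for f in filenames]
        for full in entries:
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue
            rel = os.path.relpath(full, root)
            if stat.S_ISDIR(st.st_mode):
                # A world-writable directory lets anyone replace users.txt outright.
                if st.st_mode & stat.S_IWOTH:
                    findings.append((rel, ["world-writable directory"]))
            elif file_holds_hashes(full):
                problems = perm_problems(st.st_mode)
                if problems:
                    findings.append((rel, problems + ["holds crypt(3) hashes"]))
    return sorted(findings)


def harden(root):
    """chmod 0700 / 0600 everything audit_dir() flags; return the count changed."""
    changed = 0
    for rel, _problems in audit_dir(root):
        full = os.path.join(root, rel)
        target = 0o700 if os.path.isdir(full) else 0o600
        os.chmod(full, target)
        changed += 1
    return changed


def build_sample_tree():
    """Constructed fixture mirroring the advisory: a world-writable data dir with
    users.txt and admin.txt at 0666, each holding one crypt(3)-shaped hash.
    The hashes are made-up strings of the right shape, not real accounts."""
    root = tempfile.mkdtemp(prefix="discus-")
    files = {
        "users.txt": "alice:ab4gO3ZJk2xq.\n",                     # DES crypt(3) shape
        "admin.txt": "admin:$1$Xy7qP2$lkdE3m9sR0vT1uW2aB4cD/\n",  # MD5-crypt shape
        "readme.txt": "Discus board data\n",                      # no hashes: not flagged
    }
    for name, body in files.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o666)
    os.chmod(root, 0o777)
    return root


if __name__ == "__main__":
    data_dir = build_sample_tree()
    for rel, problems in audit_dir(data_dir):
        print(f"{rel}: {', '.join(problems)}")
    print(f"fixed {harden(data_dir)} entries; remaining findings: {audit_dir(data_dir)}")
```

Two caveats a practitioner should keep in mind: the hash detection is a shape heuristic (a 13-character plaintext drawn from the crypt alphabet would also match), and tightening modes to 0600 only helps if the files are owned by the user the CGI actually runs as, which is exactly the setup (CGIwrap, suEXEC, or a dedicated unprivileged user) Ian describes above.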
