[11041] in bugtraq
No subject found in mail header
daemon@ATHENA.MIT.EDU (sbr)
Fri Jul 16 17:35:00 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <3.0.6.32.19990714143115.00a0cbe0@199.60.228.51>
Date: Wed, 14 Jul 1999 14:31:15 -0700
Reply-To: sbr <sbr@DIRECT.CA>
From: sbr <sbr@DIRECT.CA>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
I recently started using a new editor called joe, with this editor there is
a feature that if your existing session is terminated, it creates a DEADJOE
in the directory. While editing my shadow file my connection was
terminated, thus leaving the DEADJOE in my /etc directory that was world
readable containing my entire shadow file. I think the problem is self
explanitory. I have emailed the creator and there is no feature to disable
this that I can find or mentioned in the email. My umask setting does not
seem to affect the permissions of DEADJOE.
The operating system is Debian Linux 2.1 kernel 2.2.10 i386.
- Spencer.
