[8517] in bugtraq
Re: world-readable shadow backups in SuSe 5.2
daemon@ATHENA.MIT.EDU (Erik)
Thu Nov 12 15:11:22 1998
Date: Wed, 11 Nov 1998 12:15:20 -0600
Reply-To: Erik <netmask@303.ORG>
From: Erik <netmask@303.ORG>
X-To: HD Moore <hdmoore@USA.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <000c01be0cd0$24d014a0$0100a8c0@entropy>
On a slackware 3.5 machine, with no backups... changing users password..
leaves
-rw------- 1 root root 560 Nov 11 09:53 shadow-
chmod 600. So I would say its a suse linux problem.
On Tue, 10 Nov 1998, HD Moore wrote:
> <( conclusion )>
>
> Is this an isolated incident with SuSe, or is it a problem inherent to
> shadow? I know this isn't the first case I've seen default shadow backups
> being world readable (or shadow.tmp's on SunOs). Could some other package
> be responsible for changing permissions on these?
>
*---------------------*
| Erik Parker |
| netmask@303.org |
| IDC NetOps |
*---------------------*
|
*--------------------------------*
| http://www.303.org/ |
| ICQ # 9780056 |
| talk netmask@spiff.idir.net |
*--------------------------------*