[8517] in bugtraq

home help back first fref pref prev next nref lref last post

Re: world-readable shadow backups in SuSe 5.2

daemon@ATHENA.MIT.EDU (Erik)
Thu Nov 12 15:11:22 1998

Date: 	Wed, 11 Nov 1998 12:15:20 -0600
Reply-To: Erik <netmask@303.ORG>
From: Erik <netmask@303.ORG>
X-To:         HD Moore <hdmoore@USA.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <000c01be0cd0$24d014a0$0100a8c0@entropy>

On a slackware 3.5 machine, with no backups... changing users password..
leaves

-rw-------   1 root     root          560 Nov 11 09:53 shadow-

chmod 600. So I would say its a suse linux problem.



On Tue, 10 Nov 1998, HD Moore wrote:

> <( conclusion )>
>
> Is this an isolated incident with SuSe, or is it a problem inherent to
> shadow?  I know this isn't the first case I've seen default shadow backups
> being world readable (or shadow.tmp's on SunOs).  Could some other package
> be responsible for changing permissions on these?
>



*---------------------*
| Erik Parker         |
| netmask@303.org     |
| IDC NetOps          |
*---------------------*
                 |
        *--------------------------------*
        |  http://www.303.org/           |
        |  ICQ # 9780056                 |
        |  talk netmask@spiff.idir.net   |
        *--------------------------------*

home help back first fref pref prev next nref lref last post