[17085] in bugtraq
Re: User operator under Red Hat 6.2
daemon@ATHENA.MIT.EDU (Ron DuFresne)
Sun Oct 8 14:16:03 2000
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.GSO.4.05.10010060214050.13362-100000@tundra.winternet.com>
Date: Fri, 6 Oct 2000 02:18:41 -0500
Reply-To: Ron DuFresne <dufresne@WINTERNET.COM>
From: Ron DuFresne <dufresne@WINTERNET.COM>
X-To: Stefan Laudat <stefan@ASIT.Ro>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20001005235033.A11498@asit.ro>
let's try and update folks some:
From: Dan Shinn <danslo@YAHOO.COM>
Subject: Re: Slackware-7.1 Insecurity in default permission ?!?
Resent-Subject: Re: Slackware-7.1 Insecurity in default permission ?!?
Date: Sun, 24 Sep 2000 10:18:55 -0700
To: VULN-DEV@SECURITYFOCUS.COM
Resent-To: dufresne <dufresne@darkstar.sysinfo.com>
I believe this is the case with default installs, but after you apply all
the patches these insecure permissions go away. This is from the changelogs:
Thu Aug 24 16:12:55 PDT 2000
Merged package directories for the A and N series.
a1/bash.tgz, bash1.tgz: Patched install script to ensure that a
newly-created /etc/shells will be chmoded 644.
You can view the changelogs at ->
http://www.slackware.com/changelog/current.php3
I'm not sure if the /usr/info/dir was ever world writeable on my slack box
but the shells was and that was fixed with the install of the new bash.tgz
package. This is from slack7.1 with all the updates and security fixes
listed in the changelogs:
slackbox:~# ls -l /etc/shells
-rw-r--r-- 1 root root 70 May 5 08:03 /etc/shells
slackbox:~# ls -l /usr/info/dir
-rw-r--r-- 1 root root 3533 May 16 1994 /usr/info/dir
slackbox:~# cat /etc/slackware-version
7.1.0
Hope this helps.
-dan
Of course, getting on the slackware security list is another good idea,
folks if yer using a fav dist flavor of linux, get on that dist's security
list, as well as reading here, then yer not out in the dark for sure. If
yer company is considering linux in the workplace, get on the security
list for all the dists under consideration, how else would one make an
informed decision about the matter?
Thanks,
Ron DuFresne
On Thu, 5 Oct 2000, Stefan Laudat wrote:
> > That's old news, and if I recall, an updated package or two for the 4, 7
> > and 7.1 releases was already provided <smile>.
> >
>
> Might be, but for you. I haven't seen it around. Slackware team
> fears this list :(
> The pristine 7.1 distro included(s?) this. If you're using
> their current snapshot you're out of trouble and/or unaware of
> what happened.
>
>
> --
>
> Stefan Laudat
> Data Networks Engineer
> Allianz-Tiriac SA
> ------------------------
> Beam me up, Scotty, there's no intelligent life down here!
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
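
Added example, not part of the original messages: a POSIX shell check in the spirit of the ls -l output quoted above, flagging watched files that are group- or world-writable, i.e. looser than the 644 the changelog entry sets. The function name loose_files and the WATCHLIST variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report files that are group- or world-writable,
# i.e. more permissive than the 644 mode named in the changelog entry.

# Default watch list: the two paths discussed in the thread.
WATCHLIST="/etc/shells /usr/info/dir"

# loose_files FILE...
# Prints one "LOOSE <ls -ld line>" per regular file that has the group-write
# or other-write bit set. Missing paths and symlinks are skipped.
# Returns 0 when nothing was flagged, 1 otherwise.
loose_files() {
    found=0
    for f in "$@"; do
        # -prune keeps find on the named path only (no descent).
        # -type f ignores symlinks, whose own mode bits are meaningless.
        # -perm -MODE matches when all bits in MODE are set.
        hit=$(find "$f" -prune -type f \
                \( -perm -0002 -o -perm -0020 \) -print 2>/dev/null) || true
        if [ -n "$hit" ]; then
            printf 'LOOSE %s\n' "$(ls -ld -- "$f")"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone run: audit the default watch list.
# $WATCHLIST is left unquoted on purpose so it splits into separate paths.
if loose_files $WATCHLIST; then
    echo "watch list OK: no group- or world-writable files"
else
    echo "review the files above; the changelog fix was mode 644"
fi
```
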