[2025] in bugtraq
[John Adams: Re: Why are we using priveleged images / state so
daemon@ATHENA.MIT.EDU (Peiter Zatko)
Tue Jul 11 01:23:18 1995
Date: Mon, 10 Jul 1995 16:50:36 EDT
Reply-To: Bugtraq List <BUGTRAQ@CRIMELAB.COM>
From: Peiter Zatko <peiterz@BBN.COM>
X-To: bugtraq@CRIMELAB.COM
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@CRIMELAB.COM>
>But then remote administration goes all to hell. Secure external
>access methods (Skey, SecureID, et al.) could be used to admin the
>machines remotely, but the initial setup would cost a considerable
>amount of time.
On a slightly different topic. But since S/Key was mentioned...
Almost all of the S/Key packages I've
seen have a problem (actually there are a couple of problems with s/key
but the pros still outweigh the cons).
The installation sets the /etc/skeykeys file to a world readable mode
(644). This seems to be the case in both Bellcore and Wietse's packages.
Needless to say that on a system using shadowed passwords and having most
of their users using s/key... This defeats the benefits of having
a shadowed password system in the first place.
The only thing I see changing this file to a more rational mode (i.e. 600)
would break is the keyinfo program. Not much of a loss in my eyes.
PeiterZ
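
A check for the condition described in the message above, as an added example that is not part of the original post or of any S/Key package: it reports whether an S/Key database is accessible beyond its owner and can tighten it to 600. The function names and the `fix` argument are hypothetical, and the demo runs on a constructed temporary file rather than the real /etc/skeykeys.

```shell
#!/bin/sh
# Added example: audit the mode of an S/Key database (default /etc/skeykeys).

# Print the nine permission characters of a path, e.g. "rw-r--r--".
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Exit status: 0 = owner-only access, 1 = group/other have access, 2 = missing.
skeykeys_mode_ok() {
    [ -e "$1" ] || return 2
    case "$(perm_string "$1")" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# Report the state of the file; with a second argument "fix", chmod it to 600.
# Returns 1 only when the file is weak and was left (or could not be) changed.
audit_skeykeys() {
    _f=${1:-/etc/skeykeys}
    _rc=0
    skeykeys_mode_ok "$_f" || _rc=$?
    case "$_rc" in
        0) echo "OK: $_f is $(perm_string "$_f")" ;;
        2) echo "SKIP: $_f not found" ;;
        *) echo "WEAK: $_f is $(perm_string "$_f"), accessible beyond owner"
           [ "${2:-}" = fix ] || return 1
           chmod 600 -- "$_f" || return 1
           echo "FIXED: $_f is now $(perm_string "$_f")" ;;
    esac
    return 0
}

# Demo on a constructed stand-in file installed the way the message describes.
demo=$(mktemp) && chmod 644 "$demo"
audit_skeykeys "$demo" fix
rm -f "$demo"
```

As the message notes, anything that reads the file without privilege (it names keyinfo) stops working once the mode is 600.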