[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] POSSIBLE MAJOR SECURITY BREACH

Subject: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
From: Barbara <thebizworkers@xxxxxxxxx>
Date: Thu, 7 Feb 2002 21:50:33 -0800 (PST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

->After reading some posts today I looked at a 
->lot of RaQs I maintain.
->
->It has come to my attention that newly restored 
->or upgraded RaQ3s and RaQ4s could have 
->/etc/shadow* files that are world-readable.
->Check yours.  Fix it:
-># chmod 600 /etc/shadow*
->If you can't do it yourself, have someone do 
->it for you.

Luckily I don't allow shell access so those files
can't be viewed. But this begs the question WHY on
earth would the official Cobalt Restore CD(s) be
setting up restored boxes with risky permissions on
the shadow password file?



__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

Follow-Ups:
- RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Todd Kirk
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Nico Meijer
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Jeff Lasman

Prev by Date: Re: [cobalt-security] /etc/shadow
Next by Date: RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Previous by thread: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by thread: RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index