[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
- Subject: RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
- From: "Todd Kirk" <tkirk@xxxxxxxxxxxxxx>
- Date: Fri, 8 Feb 2002 17:20:09 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> ->After reading some posts today I looked at a
> ->lot of RaQs I maintain.
> ->
> ->It has come to my attention that newly restored
> ->or upgraded RaQ3s and RaQ4s could have
> ->/etc/shadow* files that are world-readable.
> ->Check yours. Fix it:
> -># chmod 600 /etc/shadow*
> ->If you can't do it yourself, have someone do
> ->it for you.
>
> Luckily I don't allow shell access so those files
> can't be viewed. But this begs the question WHY on
> earth would the official Cobalt Restore CD(s) be
> setting up restored boxes with risky permissions on
> the shadow password file?
And yet this from my RAQ resellers tech support.
"You are pretty safe with those permissions. I wouldn't worry about it."
My permissions
-r-------- 1 root root 6675 Jan 30 11:56 shadow
-r-------- 1 root root 6614 Jan 23 10:13 shadow-
I am left at a loss to understand 3 things -
1) Why are the above permissions dangerous
2) Should I in fact change my permissions to 0600
3) As above, if this is dangerous why did Cobalt do it?
regards,
Todd Kirk