[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH

Subject: RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
From: "Todd Kirk" <tkirk@xxxxxxxxxxxxxx>
Date: Fri, 8 Feb 2002 17:23:16 +1100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

>And yet this from my RAQ resellers tech support.
>
>"You are pretty safe with those permissions. I wouldn't worry about
it."
>
>My permissions
>-r-------- 1 root root 6675 Jan 30 11:56 shadow
>-r-------- 1 root root 6614 Jan 23 10:13 shadow-
>
>I am left at a loss to understand 3 things -
>1) Why are the above permissions dangerous
>2) Should I in fact change my permissions to 0600
>3) As above, if this is dangerous why did Cobalt do it?

Another point I should mention...no customer on this RAQ4R has shell
access, some with FTP but they are only able to see from
home/sites/www.domain.com/web on down
&
their personal site
 

regards,
 
Todd Kirk

Follow-Ups:
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Herby K
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Jan van Stekelenburg
- Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
  - From: Jeff Lasman

Prev by Date: RE: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by Date: Re[4]: [cobalt-security] amd root?
Previous by thread: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
Next by thread: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index