
Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH



On Fri, Feb 08, 2002 at 05:23:16PM +1100, Todd Kirk wrote:
> >And yet this from my RAQ resellers tech support.
> >
> >"You are pretty safe with those permissions. I wouldn't worry about
> >it."
> >
> >My permissions
> >-r-------- 1 root root 6675 Jan 30 11:56 shadow
> >-r-------- 1 root root 6614 Jan 23 10:13 shadow-
> >
> >I am left at a loss to understand 3 things -
> >1) Why are the above permissions dangerous

They don't seem dangerous to me, it's this way that it's
all just readable for root, so unless everyone has your
rootpass and logs in on that cobalt, which I think is
not so, I don't see a reason to panic about it :)

> >2) Should I in fact change my permissions to 0600

Not really, although you're still safe then, since then
you'd make it writable for rootie :)

> >3) As above, if this is dangerous why did Cobalt do it?

It isn't dangerous, unless your root user is the bastard operator
from hell. But in that case, I don't believe anything is safe anymore ;)

> Another point I should mention...no customer on this RAQ4R has shell
> access, some with FTP but they are only able to see from
> home/sites/www.domain.com/web on down & their personal site
>  
[...]

Keeping customers away from your shell is most of the time a good thing.
Good you got away with that without too many complaints from them ;)

Kind regards, Jan.
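
An added example, not part of the original message: a small Python check that reads `ls -l` lines like the ones quoted above and reports whether anyone other than root could read the file. The function names, the root-only policy and the third sample line are assumptions made for this illustration.

```python
def parse_mode(mode_str):
    """Convert a 10-character ls mode string such as '-r--------' to permission bits.

    Only the nine rwx bits are returned; setuid/setgid/sticky are ignored here.
    """
    if len(mode_str) != 10:
        raise ValueError("expected a 10-character mode string: %r" % mode_str)
    bits = 0
    for i, ch in enumerate(mode_str[1:]):
        is_exec_slot = (i % 3 == 2)
        # In the exec slot, 's'/'t' mean exec plus a special bit; 'S'/'T' mean no exec.
        is_set = ch in "xst" if is_exec_slot else ch != "-"
        if is_set:
            bits |= 1 << (8 - i)
    return bits


def audit_shadow_listing(line):
    """Return (name, mode, findings) for one `ls -l` line.

    Assumed policy: owned by root, no group or other access at all.
    """
    fields = line.split()
    mode_str, owner, name = fields[0], fields[2], fields[-1]
    mode = parse_mode(mode_str)
    findings = []
    if owner != "root":
        findings.append("owner is %s, not root" % owner)
    if mode & 0o077:
        findings.append("group/other bits set: %03o" % (mode & 0o077))
    return name, mode, findings


# First two lines are the listing quoted in the thread; the third is constructed
# to show what a finding looks like.
SAMPLE = [
    "-r-------- 1 root root 6675 Jan 30 11:56 shadow",
    "-r-------- 1 root root 6614 Jan 23 10:13 shadow-",
    "-rw-r--r-- 1 root root 6675 Jan 30 11:56 shadow.constructed",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        name, mode, findings = audit_shadow_listing(entry)
        print("%-20s %04o %s" % (name, mode, "; ".join(findings) or "OK"))
```

Both the 0400 mode from the listing and the 0600 mode asked about in question 2 pass this check, since neither grants group or other access.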