[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
- Subject: Re: [cobalt-security] POSSIBLE MAJOR SECURITY BREACH
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Fri, 08 Feb 2002 12:36:25 -0800
- Organization: nobaloney.net
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Herby K wrote:
> -rw-rw-r-- 1 root root 38446 Feb 7 12:29 shadow
> -rw------- 1 root root 38401 Feb 7 12:28 shadow-
>
> these are mine, 3 times on RaQ3 with all patches done. What are now the
> correct permissions 400, 600 or other ?
Either are fine. Here's how Cobalt sets them up on a new machine:
-r-------- 1 root root 591 Feb 9 06:26 shadow
-rw------- 1 root root 591 Feb 9 06:26 shadow-
But I hope you didn't wait this long to affect the change. The first
hours, sometimes minutes, after an exploitable hole is made public, are
the worst.
I actually thought about that before posting the problem and the fix,
but I noticed that some people were already talking about it; just not
realizing it's significance.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA 92517
voice: (909) 778-9980 * fax: (702) 548-9484