[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] CMU Security problem [ /etc/shadow permissions ]

Subject: [cobalt-security] CMU Security problem [ /etc/shadow permissions ]
From: Jeff Bilcki <jeff.bilicki@xxxxxxx>
Date: Mon, 11 Feb 2002 11:07:40 -0800
Organization: Sun Microsystems, INC.
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

While running cmuImport on RaQ 3, RaQ 4, and RaQXTR the permission of
/etc/shadow are not properly restored.   This is a HUGE security problem
since all user passwords are stored in this file.  If have run CMU on
your RaQ please issue the following command as root:
$ chmod 400 /etc/shadow

The correct permissions of /etc/shadow should be:
-r-------- 1 root root 561 Feb 11 10:35 /etc/shadow

Fix for CMU security problem, as root do the following:
$ wget ftp://ftp.cobaltnet.com/pub/users/jeffb/cmu/shadowfix.patch
$ patch -p0 shadowfix.patch

This fix will be included in next release of CMU.  This blunder is a
mistake on my part and I would like to apologize to all CMU users for
it. 
-
Jeff Bilicki
Software Engineer
Sun Cobalt Server Appliances
Sun Microsystems, Inc.

Follow-Ups:
- RE: [cobalt-security] CMU Security problem [ /etc/shadow permissions ]
  - From: Gary M. Root

Prev by Date: [cobalt-security] One weird HaQ... have you seen this..
Next by Date: Re: [cobalt-security] Beyond me... RaQ Security Consultant needed
Previous by thread: Re: [cobalt-security] One weird HaQ... have you seen this..
Next by thread: RE: [cobalt-security] CMU Security problem [ /etc/shadow permissions ]

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index