RE: FW: [cobalt-security] Local Root exploit
- Subject: RE: FW: [cobalt-security] Local Root exploit
- From: "Steven Young" <steven.young@xxxxxxxxxxxxxxx>
- Date: Mon, 23 Sep 2002 21:04:21 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> > Example from an OS restored box with improper permissions:
> >
> > ls -la /etc/passwd /etc/shadow
> > -rw-r--r-- 1 root root 9839 Sep 18 23:55 /etc/passwd
> > -rw-rw-r-- 1 root root 6487 Sep 18 23:55 /etc/shadow
> >
> > Proper permissions:
> >
> > ls -la /etc/passwd /etc/shadow
> > -rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
> > -rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow
>
> Not exactly right. /etc/passwd *should* be world readable.
> The point of separation of /etc/passwd and /etc/shadow back
> in ca. 1990 was to protect password hashes while still
> letting non-privileged processes use getpw*() family of
> functions. Those have lots of legitimate uses.
Ummm, errrr, so what's going on with my /etc/shadow? Surely I should
have root write permission for this file?
[mycmdprompt]# ls -la /etc/passwd /etc/shadow
-rw-r--r-- 1 root root 2450 Sep 4 15:34 /etc/passwd
-r-------- 1 root root 1539 Sep 4 15:34 /etc/shadow
~
Steven
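
The permission policy discussed in this thread, written as a mode check. This is an added example, not part of the original message; the function names `check_mode`, `report_thread_examples` and `audit_system` are hypothetical, and `audit_system` assumes GNU `stat`.

```shell
#!/bin/sh
# Policy as stated in the thread: /etc/passwd stays world-readable but is not
# writable by group/other; /etc/shadow gives group/other no access at all.

# check_mode KIND MODE -> prints "ok" or a "; "-separated list of findings.
# KIND is "passwd" or "shadow"; MODE is the octal permission string (e.g. 644).
check_mode() {
    kind=$1
    bits=$((0$2))            # leading 0 makes the shell parse MODE as octal
    findings=""
    if [ $((bits & 022)) -ne 0 ]; then
        findings="${findings}writable by group/other; "
    fi
    case $kind in
        passwd)
            if [ $((bits & 004)) -eq 0 ]; then
                findings="${findings}not world-readable (breaks getpw*() for unprivileged processes); "
            fi ;;
        shadow)
            if [ $((bits & 077)) -ne 0 ]; then
                findings="${findings}hashes accessible to group/other; "
            fi ;;
    esac
    findings=${findings%; }  # drop the trailing separator
    echo "${findings:-ok}"
}

# Modes from the ls listings in the thread, converted to octal (constructed input).
report_thread_examples() {
    for pair in passwd:644 shadow:664 passwd:600 shadow:600 shadow:400; do
        printf '%-7s %s  %s\n' "${pair%%:*}" "${pair##*:}" \
            "$(check_mode "${pair%%:*}" "${pair##*:}")"
    done
}

# Apply the same check to the live files.
audit_system() {
    for kind in passwd shadow; do
        mode=$(stat -c '%a' "/etc/$kind") || continue
        printf '/etc/%s %s  %s\n' "$kind" "$mode" "$(check_mode "$kind" "$mode")"
    done
}

report_thread_examples
```

The check looks only at the group and other bits, so both the `-rw-------` and `-r--------` shadow modes shown above pass it.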