[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: [cobalt-security] Local Root exploit
- Subject: Re: FW: [cobalt-security] Local Root exploit
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Mon, 23 Sep 2002 23:22:23 +0200
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Eugene,
> If an admin has /etc/shadow world-readable than he is in trouble almost
> as bad as exploitable /usr/lib/authenticate ;-)
He sure is. But I'm not going to comment that further, otherwise I'd be
venting at a certain ... vendor. ;o)
> Not exactly right. /etc/passwd *should* be world readable.
Outch ... yeah, of course you're right. Sorry, I spoke too soon.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer