[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: FW: [cobalt-security] Local Root exploit
- Subject: RE: FW: [cobalt-security] Local Root exploit
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 24 Sep 2002 01:29:32 +0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Tue, 2002-09-24 at 00:04, Steven Young wrote:
> > > Proper permissions:
> > >
> > > ls -la /etc/passwd /etc/shadow
> > > -rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
> > > -rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow
> >
> > Not exactly right. /etc/passwd *should* be world readable.
> > The point of separation of /etc/passwd and /etc/shadow back
> > in ca. 1990 was to protect password hashes while still
> > letting non-proviledged processes use getpw*() family of
> > functions. That have lots of legitimate uses.
>
> Ummm, errrr, so what's going on with my /etc/shadow ? Surely I should
> have root write permission for this file?
>
> [mycmdprompt]# ls -la /etc/passwd /etc/shadow
> -rw-r--r-- 1 root root 2450 Sep 4 15:34 /etc/passwd
> -r-------- 1 root root 1539 Sep 4 15:34 /etc/shadow
You don't *need* to have write permission for /etc/shadow but if you
have, that won't harm. The point is that /etc/passwd should be world
readable and /etc/shadow should *not* be world-readable. The rest does
not matter.
Root has read and write access to all files regardless of their
attributes (modulo "chattr +i").
Eugene