[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: FW: [cobalt-security] Local Root exploit

Subject: RE: FW: [cobalt-security] Local Root exploit
From: Eugene Crosser <crosser@xxxxxxxxxxx>
Date: 24 Sep 2002 01:29:32 +0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Tue, 2002-09-24 at 00:04, Steven Young wrote:

> > > Proper permissions:
> > > 
> > >  ls -la /etc/passwd /etc/shadow
> > > -rw-------   1 root     root         9839 Sep 18 23:55 /etc/passwd
> > > -rw-------   1 root     root         6487 Sep 18 23:55 /etc/shadow
> > 
> > Not exactly right.  /etc/passwd *should* be world readable.  
> > The point of separation of /etc/passwd and /etc/shadow back 
> > in ca. 1990 was to protect password hashes while still 
> > letting non-proviledged processes use getpw*() family of 
> > functions.  That have lots of legitimate uses.
> 
> Ummm, errrr, so what's going on with my /etc/shadow ? Surely I should
> have root write permission for this file?
> 
> [mycmdprompt]# ls -la /etc/passwd /etc/shadow
> -rw-r--r--   1 root     root         2450 Sep  4 15:34 /etc/passwd
> -r--------   1 root     root         1539 Sep  4 15:34 /etc/shadow

You don't *need* to have write permission for /etc/shadow but if you
have, that won't harm.  The point is that /etc/passwd should be world
readable and /etc/shadow should *not* be world-readable.  The rest does
not matter.

Root has read and write access to all files regardless of their
attributes (modulo "chattr +i").

Eugene

References:
- RE: FW: [cobalt-security] Local Root exploit
  - From: Steven Young

Prev by Date: Re: FW: [cobalt-security] Local Root exploit
Next by Date: [cobalt-security] SSL Question
Previous by thread: RE: FW: [cobalt-security] Local Root exploit
Next by thread: Re: FW: [cobalt-security] Local Root exploit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index