[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] The nasty RaQ hack...

Subject: Re: [cobalt-security] The nasty RaQ hack...
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 24 Jan 2003 13:52:35 -0500
Organization: Front Street Networks LLC
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Friday 24 January 2003 00:11, Jimmy Gross wrote:
> What is the normal setting for /usr/lib/authenticate?
>
> I set it to 755 and my users cannot get to their web stats now. Thanks.
>
It is a catch 22
you either suid /usr/lib/authenticate
or you make /etc/passwd and /etc/shadow world readable.

As far as gcc goes, I set mine chmod -x and then chmod +x when I want to 
compile something.

But what the hell, if they have root access they can undo that anyway, but if 
it is a script kiddie, he may not be that smart.

Gerald
-- 
http://frontstreetnetworks.com | http://store.raqware.com
Front Street Networks LLC      |  Phone: 203-785-0699
229 Front Street, Ste #C, New Haven, CT 06513-3203

References:
- RE: [cobalt-security] The nasty RaQ hack...
  - From: Jimmy Gross

Prev by Date: Re: [cobalt-security] RE: The nasty RaQ hack...
Next by Date: [cobalt-security] procmail
Previous by thread: RE: [cobalt-security] The nasty RaQ hack...
Next by thread: Re: [cobalt-security] The nasty RaQ hack...

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index