Unidentified subject!
Robert Ribnitz writes:
> 2) SECURITY ISSUE
> ================
> On machines installed using the slink image, and upgraded (dist-upgrade) to
> potato, and on machines installed using the potato image (version see
> above), "man /etc/passwd" will return the contents of said file. I did a
> cross-check with a solaris (sunos 5.7) machine, which did not exhibit this
> behavior.

Since the passwd is world readable, you can see its contents with many
tools: cat, more, less, vi ... so this isn't really an issue. If you
want more secure password protection, you should use the shadow
password (the passwords are then stored in /etc/shadow which can
only be read by root).

The above behavior of man is indeed unusual but I find it handy: you
can consult a man page by "man _this_man_page". This could be useful
if you want to know what a package does before really installing it
(under other OSes I would have to read the man page by piping it
through nroff).

--
PHAM Dinh Tuan | e-mail: Dinh-Tuan.Pham@imag.fr
Laboratoire de Modelisation et Calcul | Tel: +33 4 76 51 44 23
BP 53, 38041 Grenoble cedex 9 (France) | Fax: +33 4 76 63 12 63