
Unidentified subject!



Robert Ribnitz writes:

 > 2) SECURITY ISSUE
 > ================
 > On machines installed using the slink image, and upgraded (dist-upgrade) to
 > potato, and on machines installed using the potato image (version see
 > above), "man /etc/passwd" will return the contents of said file. I did a
 > cross-check with a solaris (sunos 5.7) machine, which did not exhibit this
 > behavior.

Since the passwd is world readable, you can see its contents by many
tools: cat, more, less, vi ... so this isn't really an issue. If you
want more secure password protection, you should use the shadow
password (the passwords are then stored in /etc/shadow, which can
only be read by root).

The above behavior of man is indeed unusual but I find it handy: you
can consult a man page by "man _this_man_page". This could be useful
if you want to know what a package does before really installing it
(under other OSes I would have to read the man page by piping it
through nroff).

-- 
PHAM Dinh Tuan                         | e-mail: Dinh-Tuan.Pham@imag.fr
Laboratoire de Modelisation et Calcul  | Tel: +33 4 76 51 44 23
BP 53, 38041 Grenoble cedex 9 (France) | Fax: +33 4 76 63 12 63
-----------------------------------------------------------------------
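
An added example, not part of the original message: since /etc/passwd is world readable, what matters is whether its second field still holds a password hash or only the shadow placeholder "x". The function names and the sample records below are constructed for illustration.

```shell
#!/bin/sh
# Audit a passwd-format file: which accounts expose a hash to every local
# user because the hash sits in the world-readable file, not in /etc/shadow?

# unshadowed_accounts FILE -> one login name per line
unshadowed_accounts() {
    awk -F: '
        /^#/        { next }    # comment line
        NF < 7      { next }    # not a passwd record
        $2 == "x"   { next }    # shadowed: hash lives in /etc/shadow
        $2 == ""    { next }    # empty field, reported separately
        $2 ~ /^[*!]/ { next }   # locked or disabled, no usable hash
        { print $1 }
    ' "$1"
}

# empty_password_accounts FILE -> accounts with an empty password field
empty_password_accounts() {
    awk -F: '!/^#/ && NF >= 7 && $2 == "" { print $1 }' "$1"
}

# Constructed sample records (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/bin/sh
alice:abJnggxhB/yWI:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
guest::1002:1002:Guest:/home/guest:/bin/sh
EOF
}

demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    echo "hash readable in passwd: $(unshadowed_accounts "$tmp" | tr '\n' ' ')"
    echo "empty password field:    $(empty_password_accounts "$tmp" | tr '\n' ' ')"
    rm -f "$tmp"
}
demo
```

On a real system, pass /etc/passwd to both functions; any name printed by the first one is an account to migrate to shadow passwords.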


