On Wednesday 11 February 2009 23:26:45 Stan Katz wrote:
I updated/upgraded both my AMD64 and AMD k6 "Etch" machines between Feb
10-11, 2009 using "Lenny" test. Both picked up a symptom I haven't seen
since the lpd exploit of the 1990's. This symptom manifests itself as
either a random escalation of the etc directory mode up to 600, or a
consistent escalation to mode 600 upon reboot.
My /etc is mode 755. Why would that be a problem? Some user/programs may
need to read data out of the directory and root (the owner of my /etc)
certainly needs write permissions.
I don't remember why the lpd
exploit did this. If this is an exploit, it shakes my confidence in debian
online updating.
I don't see how a 600 /etc can be exploited. Do you have any other records
that would indicate you are exploited, or is this just fear-mongering?