home *** CD-ROM | disk | FTP | other *** search
- From: hogan@csl.sri.com (Emmett Hogan)
- Newsgroups: alt.security,alt.sys.sun
- Subject: YASB (Yet Another Sun Bug)
- Message-ID: <HOGAN.91Aug23164201@cujo.csl.sri.com>
- Date: 23 Aug 91 20:42:00 GMT
- Organization: Computer Science Lab, SRI International, Menlo Park, CA.
-
-
- Well this one's pretty cute...
-
- Here's The Setup:
- Sun 3's and Sun 4's
- SunOS 4.1.1
-
- In an attempt to make our Sun machines more "secure" we run Sun's
- implementation of C2. Well, to run it you must execute a shell script
- called /usr/etc/C2conv, which does various things such as setting up
- your shadow password and group files. Now, prior to running C2conv,
- the permissions on my password and group files were:
-
- -rw-r--r-- 1 root wheel 522 May 16 17:11 /etc/passwd
- -rw-r--r-- 1 root wheel 522 May 16 17:11 /etc/group
-
- After running C2conv, these permissions were changed to:
-
- -rw-rw-r-- 1 root staff 522 May 16 17:11 /etc/passwd
- -rw-rw-r-- 1 root staff 233 Jun 4 16:46 /etc/group
-
- Note: Not only was it made group WRITABLE, but the group was changed
- to group STAFF !!!
-
- I checked to make sure if maybe I just had the umask screwed up, but
- that was not the case, it had to explicitly somewhere in the
- conversion routines.
-
- - Can anyone tell me why this might happen?
-
- - Am I just being paranoid, and this is no big deal?
-
- - Will Sun ever get C2 straight?
-
- - Will Bill Joy ever get....(oh nevermind) :-)
-
- Thanks in advance for any enlightening info,
- Emmett
-
- --
- -------------------------------------------------------------------
- Emmett Hogan Computer Science Lab, SRI International
- Inet: hogan@csl.sri.com
- UUCP: {ames, decwrl, pyramid, sun}!fernwood!hercules!hogan
- USMAIL: EL231, 333 Ravenswood Ave, Menlo Park, CA 94025
- PacBell: (415)859-3232 (voice), (415)859-2844 (fax)
- ICBM: 37d 27' 14" North, 122d 10' 52" West
- -------------------------------------------------------------------
-
-