[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Discus advisory.
From:       Elaich Of Hhp <hhp () NS ! SUSPEND ! NET>
Date:       1999-04-29 23:50:34
[Download RAW message or body]

On Wed, 28 Apr 1999, Ian R. Justman wrote:
> Showed this to my boss because one of our customers (one whose account we
> are currently reviewing) runs this script.
>
> If this is running under Linux, FreeBSD or any system with a decent shadow
> password system or something similar AND a sanely-configured web server,
> e.g. with CGIwrap, any internal wrappering which runs scripts as the owner
> of the script like any later version of Apache with the integrated setuid
> wrapper, or at the very least just outright running scripts as an
> arbitrary unprivileged user, there is no problem.  You can't read
> /etc/shadow|/etc/master.passwd|/etc/whatever if you're not a privileged
> user.  ;)
>
> --Ian.

Well I never said that /etc/shadow, /etc/passwd etc. etc. were readable.
and the stuff you stated above is not the problem here.  The software
creates the directory with 666 perms. In that directory there is a
users.txt and a admin.txt which both contain crypt(3) passwds.

Here is one of the simple replies I have recieved.

- Date: Mon, 26 Apr 1999 09:32:23 -0400
- From: mwerneburg@stardata.ca
- To: hhp@hhp.hemp.net
- Subject: Re: Discus advisory.
-
- Good post.  I'm administering a discus installation and was appalled to
- see files like passwd.txt with 666 perms.  Thanks for the heads-up!


-elaich

-----------------------------------------
elaich of the hhp.            hhp-1999(c)
Email:  hhp@hemp.net
Web:   http://hhp.hemp.net/
Voice: 1-800-Rag-on-gH pin: The-hhp-crew
hhp-ms: hhp.hemp.net, port:7777, pass:hhp
-----------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]