Barbara wrote: > Luckily I don't allow shell access so those files > can't be viewed.
False sense of security. Very easy to write cgi scripts to read them. > But this begs the question WHY on > earth would the official Cobalt Restore CD(s) be > setting up restored boxes with risky permissions on > the shadow password file? I never said the restore CDs were doing it. I don't know that they are. I don't think they are. I originally thought it was the latest kernel patches or the latest updates, but I'm not sure now. An associate tells me he thinks it's just RUNNING CMU. We don't know yet. Everything else is premature. Jeff -- Jeff Lasman <[EMAIL PROTECTED]> Linux and Cobalt/Sun/RaQ Consulting nobaloney.net P. O. Box 52672, Riverside, CA 92517 voice: (909) 778-9980 * fax: (702) 548-9484 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
