Hi Eugene,

> That admin console still works is apparently a side effect of admserv
> running with root uid.

Exactly.

> Under "regular" apache you will be unable to use
> PAM authentication because /etc/shadow will become unreadable. E.g. you
> won't be able to access /stats/ directories of individual virtual
> servers.

That depends. Remember that OS restored RaQs usually have improper permissions on /etc/shadow and /etc/passwd. So unless the admin there fixed the shadow permissions manually, the authentication will still work, despite /usr/lib/authenticate no longer being SUID.

Example from an OS restored box with improper permissions:

ls -la /etc/passwd /etc/shadow
-rw-r--r-- 1 root root 9839 Sep 18 23:55 /etc/passwd
-rw-rw-r-- 1 root root 6487 Sep 18 23:55 /etc/shadow

Proper permissions:

ls -la /etc/passwd /etc/shadow
-rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
-rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow

Add that to the list of 1001 bugs which Sun Cobalt will never fix. :o(

--
With best regards,

Michael Stauber
[EMAIL PROTECTED]
Unix/Linux Support Engineer

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
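An added audit example, not part of the original message or of any Cobalt tooling: it reads `ls -l` lines and reports which group/other bits on /etc/shadow let a non-root process read or change the file, which is the condition that keeps authentication working without the SUID helper. The function names are hypothetical, and the sample input is the two listings quoted in the message.

```shell
#!/bin/sh
# Added example, not from the original message: audit /etc/shadow entries
# in `ls -l` output for access beyond the owner.

# shadow_findings PERMS: PERMS is the 10-character ls mode string.
# Prints one word per group/other read or write bit that is set.
shadow_findings() {
    g=$(printf '%s' "$1" | cut -c5-7)
    o=$(printf '%s' "$1" | cut -c8-10)
    case $g in r??) echo group-readable ;; esac
    case $g in ?w?) echo group-writable ;; esac
    case $o in r??) echo world-readable ;; esac
    case $o in ?w?) echo world-writable ;; esac
}

# audit_listing: reads `ls -l` lines on stdin, reports each /etc/shadow
# entry, and returns 1 if any of them is exposed.
audit_listing() {
    rc=0
    while read -r perms links owner group size mon day time path; do
        [ "$path" = /etc/shadow ] || continue
        set -- $(shadow_findings "$perms")
        [ "$owner" = root ] || set -- "$@" "owner-is-$owner"
        if [ $# -eq 0 ]; then
            echo "OK $path"
        else
            echo "EXPOSED $path: $*"
            rc=1
        fi
    done
    return $rc
}

# Sample input: the two listings quoted in the message above.
restored_box() {
    cat <<'EOF'
-rw-r--r-- 1 root root 9839 Sep 18 23:55 /etc/passwd
-rw-rw-r-- 1 root root 6487 Sep 18 23:55 /etc/shadow
EOF
}
fixed_box() {
    cat <<'EOF'
-rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
-rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow
EOF
}

restored_box | audit_listing || true   # EXPOSED /etc/shadow: group-readable group-writable world-readable
fixed_box | audit_listing              # OK /etc/shadow
```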
