On Mon, 2002-09-23 at 16:03, Michael Stauber wrote:
> > Under "regular" apache you will be unable to use
> > PAM authentication because /etc/shadow will become unreadable. E.g. you
> > won't be able to access /stats/ directories of individual virtual
> > servers.
>
> Depends on. Remember that OS restored RaQs usually have improper permissions
> on /etc/shadow and /etc/passwd. So unless the admin there fixed the shadow
> permissions manually the authentication will still work, despite
> /usr/lib/authenticate no longer being SUID.

If an admin has /etc/shadow world-readable then he is in trouble almost as bad as exploitable /usr/lib/authenticate ;-)

> Example from an OS restored box with improper permissions:
>
> ls -la /etc/passwd /etc/shadow
> -rw-r--r-- 1 root root 9839 Sep 18 23:55 /etc/passwd
> -rw-rw-r-- 1 root root 6487 Sep 18 23:55 /etc/shadow
>
> Proper permissions:
>
> ls -la /etc/passwd /etc/shadow
> -rw------- 1 root root 9839 Sep 18 23:55 /etc/passwd
> -rw------- 1 root root 6487 Sep 18 23:55 /etc/shadow

Not exactly right. /etc/passwd *should* be world readable. The point of separation of /etc/passwd and /etc/shadow back in ca. 1990 was to protect password hashes while still letting non-privileged processes use the getpw*() family of functions. That has lots of legitimate uses.

Eugene
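
The permission policy argued in the reply above, as an added example that is not part of the original message: a POSIX shell check that classifies `ls -l` mode strings for the two files. The function names `check_mode` and `audit_samples` are hypothetical, and treating group access on /etc/shadow as a warning is an assumption (no dedicated shadow group).

```shell
#!/bin/sh
# Policy: /etc/passwd stays world-readable but writable by its owner only;
# /etc/shadow must give no access to "other". Group access on shadow is
# reported as a warning (assumption: no dedicated shadow group is in use).

check_mode() {  # usage: check_mode passwd|shadow MODESTRING
    kind=$1 mode=$2
    # Split a string such as "-rw-r--r--" into its group and other triplets.
    grp=$(printf '%s' "$mode" | cut -c5-7)
    oth=$(printf '%s' "$mode" | cut -c8-10)
    case $kind in
    passwd)
        case $grp$oth in
            *w*) echo "BAD: writable by group or other"; return 1 ;;
        esac
        case $oth in
            r*) echo "OK" ;;
            *)  echo "BAD: not world-readable, getpw*() fails for unprivileged processes"
                return 1 ;;
        esac ;;
    shadow)
        case $oth in
            ---) ;;
            *)   echo "BAD: accessible by other, password hashes exposed"; return 1 ;;
        esac
        case $grp in
            ---) echo "OK" ;;
            *)   echo "WARN: group has access"; return 2 ;;
        esac ;;
    *)  echo "unknown file kind"; return 3 ;;
    esac
}

# Mode strings copied from the ls output quoted in the thread.
audit_samples() {
    while read -r kind mode; do
        printf '%-7s %s  %s\n' "$kind" "$mode" "$(check_mode "$kind" "$mode")"
    done <<'EOF'
passwd -rw-r--r--
shadow -rw-rw-r--
passwd -rw-------
shadow -rw-------
EOF
}
audit_samples
```

To audit a live system, feed the first field of `ls -l /etc/passwd` and `ls -l /etc/shadow` to `check_mode`.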
