[ILUG] slight security flaw?
Steffen Higel
higels at tcd.ie
Sun Mar 19 13:39:29 GMT 2000
To avoid having to study last night, I decided to look around my machine (RH6.1) to see if there was anything seriously insecure about it... and I think I found something, maybe someone else has noticed this as well:
I created new accounts on the machine using the console version of linuxconf, and it logged the commands that it executed in /var/log/netconf.log. Problem is, said file is world readable, so there in it were the usernames and passwords (unencrypted) of all the accounts I had made.
Whose fault is this, mine for using linuxconf, RedHat's for putting funny permissions on a file or Linuxconf's for putting private stuff in a world readable file?
Comments much appreciated
--
Steffen
higels at tcd.ie
website:http://matrix.netsoc.tcd.ie/~steffen
More information about the ILUG
mailing list