Security Basics mailing list archives
Re: Netinfo Manager
From: Gene Cronk <gcronk () trsg net>
Date: Tue, 23 Sep 2003 15:31:04 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wouldn't chown root nidump and chmod 700 nidump fix this? Matteo wrote: | Hi, | | I'm using Mac OS 10.2.8 Server and today I was quite surprised to see | that a normal user on my server can obtain the encrypted passwords of | all the user just using the command "nidump password .": | | bash-2.05a$ nidump passwd . | nobody:*:-2:-2::0:0:Unprivileged User:/dev/null:/dev/null | root:*EncryptedPass:0:0::0:0:System Administrator:/var/root:/bin/tcsh | ... | | Isn't this a security flaw? Is Apple going to fix it in the next release | of Mac OS X (Panther)? Now, how to prevent users to see the passwords of | the other users? | | Thanks | | |- ---------------------------------------------------------------------------
|- ----------------------------------------------------------------------------
| | | | | !DSPAM:3f709da5377046336910753! | | - -- Gene Cronk MCP,iNet+ (gcronk () trsg net) The Robin Shepherd Group -- Systems Administrator Office (904)-359-0981 Ext. 36 Cell (386)-795-3081 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/cJ93KFvyxVTltrARAgFaAJ9iH3CQm6BIDC+Za2TYciXDohCGXgCfUUaw pcUqSXUwz4XbbjWN7Ncq/UM= =pimM -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Netinfo Manager Matteo (Sep 23)
- Re: Netinfo Manager Jos Kirps|EducDesign (Sep 23)
- Re: Netinfo Manager Dave Botsch (Sep 24)
- Re: Netinfo Manager Jos Kirps|EducDesign (Sep 24)
- Re: Netinfo Manager Dave Botsch (Sep 24)
- Re: Netinfo Manager Gene Cronk (Sep 23)
- Re: Netinfo Manager Ansgar -59cobalt- Wiechers (Sep 23)
- <Possible follow-ups>
- Re: Netinfo Manager Matt Burnett (Sep 25)
- Re: Netinfo Manager Jos Kirps|EducDesign (Sep 23)