Date: Mon, 29 Jan 1996 19:33:23 -0500 (EST) From: Brian Tao <taob@io.org> To: freebsd-security@freebsd.org Subject: Re: Temporary passwd files in /etc? Message-ID: <Pine.BSF.3.91.960129192538.3307D-100000@zap.io.org> In-Reply-To: <199601282315.JAA08301@genesis.atrad.adelaide.edu.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Jan 1996, Michael Smith wrote:
>
> The second is probably an emacs backup file. It looks like root has
> emacs as its editor, or someone su'd to root and root's .cshrc doesn't
> override EDITOR, and also has a really bogus umask setting. This is a
> _really_good_ reason not to ever use emacs as root's editor.
It turns out that our programmer was testing out a perl-based
passwd file massager that created a temporary file with a ~ at the
end (he is an emacs user). He had inadvertently set his umask in the
perl script to (umask() & 700) rather than 077, and that's how it
ended up mode 666.
> The former; hmm. .orig is a patch(1) thing; have you used diff/patch to
> pass changes to your password database around?
I don't know about this one. It was created before the perl
script was in use and thankfully did not contain a copy of the
encrypted passwords.
Thanks to all who mailed back suggestions about the origins of the
passwd files.
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960129192538.3307D-100000>