From owner-freebsd-security  Fri Oct 16 07:18:44 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id HAA02715
          for freebsd-security-outgoing; Fri, 16 Oct 1998 07:18:44 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from www.scancall.no (www.scancall.no [195.139.183.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id HAA02710
          for <security@FreeBSD.ORG>; Fri, 16 Oct 1998 07:18:40 -0700 (PDT)
          (envelope-from Marius.Bendiksen@scancall.no)
Received: from super2.langesund.scancall.no [195.139.183.29]
	by www with smtp
	id JDPFTHOJ; Fri, 16 Oct 98 14:18:21 GMT
	(PowerWeb version 4.04r6)
Message-Id: <3.0.5.32.19981016161322.00920830@mail.scancall.no>
X-Sender: Marius@mail.scancall.no
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Fri, 16 Oct 1998 16:13:22 +0200
To: andrew@squiz.co.nz, security@FreeBSD.ORG
From: Marius Bendiksen <Marius.Bendiksen@scancall.no>
Subject: Re: X allows ordinary user to read first line of any file
In-Reply-To: <Pine.BSF.4.01.9810161756550.706-100000@aniwa.sky>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>I'm sure there's other files where this can be a problem, but in the case
>of the password file it seems wise to have a dummy entry as the first line
>of the master.passwd file.

You could of course just delete the file, if you're concerned that they're
going to crack the password. If you enforce a sound password policy, they
won't be able to get anything from that.
---
Marius Bendiksen, IT-Trainee, ScanCall AS

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message