Date: Mon, 29 Apr 1996 09:14:05 +0200 (MET DST) From: J Wunsch <j@uriah.heep.sax.de> To: freebsd-current@FreeBSD.org (FreeBSD-current users) Subject: Re: cvs commit: src/lib/libskey skeylogin.c Message-ID: <199604290714.JAA01368@uriah.heep.sax.de> In-Reply-To: <199604262133.OAA05910@freefall.freebsd.org> from Joerg Wunsch at "Apr 26, 96 02:33:22 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
As Joerg Wunsch wrote: > joerg 96/04/26 14:33:21 > > Modified: lib/libskey skeylogin.c > Log: > /etc/skeykeys was basically suffering from the same vulnerability > as any non-shadowed /etc/passwd. Ironically, all programs using S/Key > have already been setuid root except keyinfo(1). > > This modification creates /etc/skeykeys with mode 0600 to prevent it > from being examined by ordinary users. NB: you ought to manually chmod 0600 /etc/skeykeys if you are already using it and chose the more secure way. The above works only for newly created files. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199604290714.JAA01368>