From owner-freebsd-security Sun Jan 28 13:38:11 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id NAA02789 for security-outgoing; Sun, 28 Jan 1996 13:38:11 -0800 (PST) Received: from ibp.ibp.fr (ibp.ibp.fr [132.227.60.30]) by freefall.freebsd.org (8.7.3/8.7.3) with ESMTP id NAA02779 for ; Sun, 28 Jan 1996 13:38:07 -0800 (PST) Received: from blaise.ibp.fr (blaise.ibp.fr [132.227.60.1]) by ibp.ibp.fr (8.6.12/jtpda-5.0) with ESMTP id WAA29947 ; Sun, 28 Jan 1996 22:37:57 +0100 Received: from (uucp@localhost) by blaise.ibp.fr (8.6.12/jtpda-5.0) with UUCP id WAA11977 ; Sun, 28 Jan 1996 22:37:30 +0100 Received: (from roberto@localhost) by keltia.freenix.fr (8.7.3/keltia-uucp-2.7) id WAA18393; Sun, 28 Jan 1996 22:15:41 +0100 (MET) From: Ollivier Robert Message-Id: <199601282115.WAA18393@keltia.freenix.fr> Subject: Re: Temporary passwd files in /etc? To: taob@io.org (Brian Tao) Date: Sun, 28 Jan 1996 22:15:40 +0100 (MET) Cc: freebsd-security@freebsd.org In-Reply-To: from "Brian Tao" at "Jan 28, 96 01:07:03 pm" X-Operating-System: FreeBSD 2.2-CURRENT ctm#1586 X-Mailer: ELM [version 2.4ME+ PL3 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org Precedence: bulk It seems that Brian Tao said: > -rw-rw-rw- 1 root wheel 612563 Jan 25 19:06 pw.021282~ > pw.021282~ is a world readable/writeable copy of the master.passwd > file. How did either of those files get there? Do the serial numbers > on them look familiar to anyone (pids?). Yes, you're using vipw with EDITOR/VISUAL=emacs and you have a umask problem. It should not be 666. I have a cron job that wipe them every day but they're always 600 ! -- Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.frmug.fr.net FreeBSD keltia.freenix.fr 2.2-CURRENT #1: Sun Jan 14 20:23:45 MET 1996