From owner-freebsd-security  Sat Nov 21 21:57:12 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id VAA04144
          for freebsd-security-outgoing; Sat, 21 Nov 1998 21:57:12 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gatekeeper.tsc.tdk.com (gatekeeper.tsc.tdk.com [207.113.159.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA04139
          for <freebsd-security@FreeBSD.ORG>; Sat, 21 Nov 1998 21:57:10 -0800 (PST)
          (envelope-from gdonl@tsc.tdk.com)
Received: from sunrise.gv.tsc.tdk.com (root@sunrise.gv.tsc.tdk.com [192.168.241.191])
	by gatekeeper.tsc.tdk.com (8.8.8/8.8.8) with ESMTP id VAA24973;
	Sat, 21 Nov 1998 21:56:32 -0800 (PST)
	(envelope-from gdonl@tsc.tdk.com)
Received: from salsa.gv.tsc.tdk.com (salsa.gv.tsc.tdk.com [192.168.241.194])
	by sunrise.gv.tsc.tdk.com (8.8.5/8.8.5) with ESMTP id VAA26067;
	Sat, 21 Nov 1998 21:56:31 -0800 (PST)
Received: (from gdonl@localhost)
	by salsa.gv.tsc.tdk.com (8.8.5/8.8.5) id VAA00404;
	Sat, 21 Nov 1998 21:56:29 -0800 (PST)
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Message-Id: <199811220556.VAA00404@salsa.gv.tsc.tdk.com>
Date: Sat, 21 Nov 1998 21:56:29 -0800
In-Reply-To: Bill Woodford <woodford@cc181716-a.hwrd1.md.home.com>
       "Re: Would this make FreeBSD more secure?" (Nov 17,  3:10pm)
X-Mailer: Mail User's Shell (7.2.6 alpha(3) 7/19/95)
To: Bill Woodford <woodford@cc181716-a.hwrd1.md.home.com>,
        freebsd-security@FreeBSD.ORG
Subject: Re: Would this make FreeBSD more secure?
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Nov 17,  3:10pm, Bill Woodford wrote:
} Subject: Re: Would this make FreeBSD more secure?
} 
} On Sun, 15 Nov 1998, Andre Albsmeier wrote:
} | For example:
} | 
} | root@voyager:~>ll /etc/spwd.db /etc/master.passwd 
} | -rw-r-----  1 root  pw  -   828 Nov 15 12:43 /etc/master.passwd
} | -rw-r-----  1 root  pw  - 40960 Nov 15 12:43 /etc/spwd.db

One caution: if you NFS export /etc to any untrusted systems (even
read-only), they will now be able to read your password database.
With 0600 root permissions, this was not possible because of the
root -> nobody translation that NFS does by default.

			---  Truck

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message