Date: Mon, 29 Jan 1996 09:45:29 +1030 (CST) From: Michael Smith <msmith@atrad.adelaide.edu.au> To: taob@io.org (Brian Tao) Cc: freebsd-security@freebsd.org Subject: Re: Temporary passwd files in /etc? Message-ID: <199601282315.JAA08301@genesis.atrad.adelaide.edu.au> In-Reply-To: <Pine.BSF.3.91.960128130513.29165A-100000@zap.io.org> from "Brian Tao" at Jan 28, 96 01:07:03 pm
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Tao stands accused of saying: > > I found these two files lying around in the /etc directory of one > of our FreeBSD 2.1.0-RELEASE machines here. > > -rw-r--r-- 1 root wheel 459403 Jan 20 15:35 pw.007939.orig > -rw-rw-rw- 1 root wheel 612563 Jan 25 19:06 pw.021282~ > > pw.021282~ is a world readable/writeable copy of the master.passwd > file. How did either of those files get there? Do the serial numbers > on them look familiar to anyone (pids?). The second is probably an emacs backup file. It looks like root has emacs as its editor, or someone su'd to root and root's .cshrc doesn't override EDITOR, and also has a really bogus umask setting. This is a _really_good_ reason not to ever use emacs as root's editor. The former; hmm. .orig is a patch(1) thing; have you used diff/patch to pass changes to your password database around? > Brian Tao (BT300, taob@io.org) -- ]] Mike Smith, Software Engineer msmith@atrad.adelaide.edu.au [[ ]] Genesis Software genesis@atrad.adelaide.edu.au [[ ]] High-speed data acquisition and (GSM mobile) 0411-222-496 [[ ]] realtime instrument control (ph/fax) +61-8-267-3039 [[ ]] "wherever you go, there you are" - Buckaroo Banzai [[
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199601282315.JAA08301>