OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 2nd quarter (Apr-Jun) 1999: Re: Discus advisory.

Re: Discus advisory.

Elaich Of Hhp (hhpNS.SUSPEND.NET)
Thu, 29 Apr 1999 19:50:34 -0400 

On Wed, 28 Apr 1999, Ian R. Justman wrote:
> Showed this to my boss because one of our customers (one whose account we
> are currently reviewing) runs this script.
>
> If this is running under Linux, FreeBSD or any system with a decent shadow
> password system or something similar AND a sanely-configured web server,
> e.g. with CGIwrap, any internal wrappering which runs scripts as the owner
> of the script like any later version of Apache with the integrated setuid
> wrapper, or at the very least just outright running scripts as an
> arbitrary unprivileged user, there is no problem.  You can't read
> /etc/shadow|/etc/master.passwd|/etc/whatever if you're not a privileged
> user.  ;)
>
> --Ian.

Well I never said that /etc/shadow, /etc/passwd etc. etc. were readable.
and the stuff you stated above is not the problem here.  The software
creates the directory with 666 perms. In that directory there is a
users.txt and a admin.txt which both contain crypt(3) passwds.

Here is one of the simple replies I have recieved.

- Date: Mon, 26 Apr 1999 09:32:23 -0400
- From: mwerneburgstardata.ca
- To: hhphhp.hemp.net
- Subject: Re: Discus advisory.
-
- Good post.  I'm administering a discus installation and was appalled to
- see files like passwd.txt with 666 perms.  Thanks for the heads-up!


-elaich

-----------------------------------------
elaich of the hhp.            hhp-1999(c)
Email:  hhphemp.net
Web:   http://hhp.hemp.net/
Voice: 1-800-Rag-on-gH pin: The-hhp-crew
hhp-ms: hhp.hemp.net, port:7777, pass:hhp
-----------------------------------------