4.1.1 security
Scott Schwartz
schwartz at groucho.cs.psu.edu
Fri Jun 28 06:22:00 AEST 1991
I just unpacked a new SS2, with SunOS preinstalled on the disk. While
poking around getting it ready to play nicely with our other machines,
I noticed a few things.
* There is no umask set in /etc/rc, so lots of files created by
daemons wind up world writable.
* Beyond that, /etc/aliases.*, /etc/remote, and /etc/motd are world
writable. There may be others -- those are just the ones I noticed
immediately.
* There is a "+" in /etc/hosts.equiv, /etc/passwd, and /etc/group.
All sorts of mischief is possible unless these things are fixed up.
I'd feel much happier if my machine wasn't totally insecure right out
of the box. Fixed in 4.1.2 perhaps?
P.S. Has Sun stopped advertising "The Network is the Computer"?
-- Scott
More information about the Comp.sys.sun
mailing list