[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Help ! This is a exploit ? What I do to do .



As dave said I think that this will break stuff - but I also remember there is a way to get the passwd file used (served) by the ftp daemon to be a dummy passwd file with just your ftp user(s) in there, rather than your real users...

not a massive problem because the passwords are stored in the shadow file - but it is a problem if you have lusers on your system choosing weak passwords...

I can't remember where I read about the dummy passwd file for ftp though - I solved our ftpd vulnerabilities a year or two back by using:

rpm --erase

on whatever package wuftpd is in - see - it's been so long I don't even remember that! ;)

- dan.


At 12:25 PM -0400 18/9/00, Scott wrote:
Dan,


Couldn't he just chmod /etc/passwd to 600? Thus disallowing viewing of this file. What are the problems that may arise from this change?

--

	Nitro - 3D Visualisation, Graphics & Animation
		Ph (+61 2) 9810 5177 - Fx (+61 2) 9810 0199
			http://www.nitro.com.au/





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]