From: hogan@csl.sri.com (Emmett Hogan) Newsgroups: alt.security,alt.sys.sun Subject: YASB (Yet Another Sun Bug) Message-ID: Date: 23 Aug 91 20:42:00 GMT Organization: Computer Science Lab, SRI International, Menlo Park, CA. Well this one's pretty cute... Here's The Setup: Sun 3's and Sun 4's SunOS 4.1.1 In an attempt to make our Sun machines more "secure" we run Sun's implementation of C2. Well, to run it you must execute a shell script called /usr/etc/C2conv, which does various things such as setting up your shadow password and group files. Now, prior to running C2conv, the permissions on my password and group files were: -rw-r--r-- 1 root wheel 522 May 16 17:11 /etc/passwd -rw-r--r-- 1 root wheel 522 May 16 17:11 /etc/group After running C2conv, these permissions were changed to: -rw-rw-r-- 1 root staff 522 May 16 17:11 /etc/passwd -rw-rw-r-- 1 root staff 233 Jun 4 16:46 /etc/group Note: Not only was it made group WRITABLE, but the group was changed to group STAFF !!! I checked to make sure if maybe I just had the umask screwed up, but that was not the case, it had to explicitly somewhere in the conversion routines. - Can anyone tell me why this might happen? - Am I just being paranoid, and this is no big deal? - Will Sun ever get C2 straight? - Will Bill Joy ever get....(oh nevermind) :-) Thanks in advance for any enlightening info, Emmett -- ------------------------------------------------------------------- Emmett Hogan Computer Science Lab, SRI International Inet: hogan@csl.sri.com UUCP: {ames, decwrl, pyramid, sun}!fernwood!hercules!hogan USMAIL: EL231, 333 Ravenswood Ave, Menlo Park, CA 94025 PacBell: (415)859-3232 (voice), (415)859-2844 (fax) ICBM: 37d 27' 14" North, 122d 10' 52" West -------------------------------------------------------------------