On Fri, Jan 21, 2000 at 07:15:20PM -0600, harikiri wrote:
> w00w00 Security Advisory - http://www.w00w00.org
>
> Title: S/Key & OPIE Database Vulnerability
> Platforms: BSD/OS 4.0.1 (SKEY).
> FreeBSD 3.4-RELEASE (OPIE).
> Linux Distributions (with skey-2.2-1 RPM).
> Any Unix running skey-2.2. (possibly earlier versions too)
> Discovered: 14th January, 2000
NetBSD began installing a mode 600 /etc/skeykeys file as of Jan 6, 1999.
This issue would not affect the two most recent formal releases, 1.4,
and 1.4.1 - as they include the more secure default.
Users of skey on earlier installs should evaluate appropriate permissions
for their /etc/skeykeys file based on local requirements (e.g. non-setuid
programs performing authentication) - as indicated in the w00w00 advisory.
I'm not a member of the NetBSD security team, I'm just speaking as a user...
--
David Maxwell, [EMAIL PROTECTED]|[EMAIL PROTECTED] -->
Any sufficiently advanced Common Sense will seem like magic...
- me
