[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-10-27 Thread Serge Hallyn
I appreciate you bringing this to our attention, but (as shadow upstream maintainer) I'm going to join John in saying this should be wontfix. Now if you want to change the subject to also making /etc/passwd 600, then as Alexander points out that may be doable and have merit. But just hiding the

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-12 Thread pkaeding
** Bug watch added: Red Hat Bugzilla #1858866 https://bugzilla.redhat.com/show_bug.cgi?id=1858866 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1923262 Title: backup /etc/passwd- file

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-12 Thread Alexander Scheel
** Changed in: shadow (Ubuntu) Status: Incomplete => Confirmed

Re: [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-12 Thread pkaeding
For some additional context, here is a related bug report for redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1858866 (they decided to wont-fix, indicating the flaw is with the CIS benchmark).

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-12 Thread Alexander Scheel
I largely agree but I'd like to point out a little bit of nuance. Even on modern (e.g., 20.04) systems using shadow by default, global read/write access to /etc/passwd{,-} _can_ (in some scenarios) still be problematic. A system will still function fine even if /etc/passwd has 000 permissions (+/-
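The mode check the benchmark item boils down to, as an added example that is not part of the thread or of shadow's own tooling: a small POSIX sh audit helper that compares a file's actual permission bits against a maximum you decide to enforce, so that a setgid bit or group-write on /etc/passwd- is caught and not just the exact "is it 600" case. The default file/mode table in audit_auth_files is an assumption (passwd and its backup world-readable, shadow and its backup 0640 root:shadow as on Ubuntu); adjust it if you follow the benchmark text as quoted above.

```shell
#!/bin/sh
# Added example, not from the bug thread. Requires GNU/busybox stat (-c '%a').

# check_mode FILE MAX_OCTAL
#   returns 0 if FILE's mode grants nothing beyond MAX_OCTAL,
#           1 if any bit is set that MAX_OCTAL does not allow,
#           2 if FILE does not exist.
check_mode() {
    file=$1
    max=$2
    [ -e "$file" ] || { printf 'missing: %s\n' "$file"; return 2; }
    mode=$(stat -c '%a' "$file")          # e.g. 644, 640, 2755 (setgid shows up here too)
    # Leading 0 makes the shell treat both values as octal; any bit present in
    # mode but absent in max means the file is more permissive than allowed.
    extra=$(( 0$mode & ~0$max ))
    if [ "$extra" -ne 0 ]; then
        printf 'too permissive: %s is %s, max %s\n' "$file" "$mode" "$max"
        return 1
    fi
    printf 'ok: %s is %s\n' "$file" "$mode"
    return 0
}

# check_owner FILE USER GROUP -> 0 if owner and group match, 1 otherwise, 2 if missing
check_owner() {
    file=$1
    [ -e "$file" ] || return 2
    og=$(stat -c '%U:%G' "$file")
    [ "$og" = "$2:$3" ] && return 0
    printf 'wrong owner: %s is %s, expected %s:%s\n' "$file" "$og" "$2" "$3"
    return 1
}

# audit_auth_files -> 0 if every entry passes, 1 otherwise.
# Assumed baseline (not from the thread): passwd{,-} 0644 root:root,
# shadow{,-} 0640 root:shadow. A missing backup file is not a failure.
audit_auth_files() {
    rc=0
    for entry in \
        /etc/passwd:644:root:root \
        /etc/passwd-:644:root:root \
        /etc/shadow:640:root:shadow \
        /etc/shadow-:640:root:shadow
    do
        f=${entry%%:*}; rest=${entry#*:}
        m=${rest%%:*};  rest=${rest#*:}
        u=${rest%%:*};  g=${rest#*:}
        check_mode "$f" "$m"; r=$?
        [ "$r" -eq 2 ] && continue          # backup not written yet; nothing to audit
        [ "$r" -eq 0 ] || rc=1
        check_owner "$f" "$u" "$g" || rc=1
    done
    return $rc
}

# Run the audit only when explicitly asked, so the file can also be sourced.
case "${1:-}" in
    --audit) audit_auth_files ;;
esac
```

Run it as `sh audit-auth-files.sh --audit` on the host, or source it and call check_mode against any file/mode pair you want to enforce; the bitwise comparison is what makes it catch a stray 0664 or setgid bit that an equality test against "600" or "644" would also flag, while still accepting anything strictly tighter than the maximum.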

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread John Johansen
The cisecurity guide is wrong. While there is info that could be leveraged, on a modern system the really sensitive information is split out into /etc/shadow (which very much should be only readable by root). The reality is that on a modern system /etc/passwd needs to be world readable (it is

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread pkaeding
I suspect the rationale is that there is no need for everyone to be able to access the backup file, and it does contain information that might be useful to an attacker. `/etc/passwd`, on the other hand, needs to be world-readable or else many existing tools would break. The real-world usefulness

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread pkaeding
I agree, it was surprising to me as well. The rationale given is just this: ``` It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious

[Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread Seth Arnold
Hello, this sounds like surprising advice to me -- after all the /etc/passwd file is 644. I don't know what would be the point of hiding this 'backup' file. Does the benchmark give a rationale for this? Thanks ** Information type changed from Private Security to Public Security ** Changed in: