schwartz@groucho.cs.psu.edu (Scott Schwartz) (06/28/91)
I just unpacked a new SS2, with SunOS preinstalled on the disk. While poking around getting it ready to play nicely with our other machines, I noticed a few things. * There is no umask set in /etc/rc, so lots of files created by daemons wind up world writable. * Beyond that, /etc/aliases.*, /etc/remote, and /etc/motd are world writable. There may be others -- those are just the ones I noticed immediately. * There is a "+" in /etc/hosts.equiv, /etc/passwd, and /etc/group. All sorts of mischief is possible unless these things are fixed up. I'd feel much happier if my machine wasn't totally insecure right out of the box. Fixed in 4.1.2 perhaps? P.S. Has Sun stopped advertising "The Network is the Computer"? -- Scott