Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!cis.ohio-state.edu!zaphod.mps.ohio-state.edu!uakari.primate.wisc.edu!aplcen!boingo.med.jhu.edu!haven.umd.edu!mimsy!rlgvax!thurlow
From: thurlow@rlgvax.Reston.ICL.COM (Scott Thurlow)
Newsgroups: comp.admin.policy
Subject: Re: Student suspended for distributing /etc/passwd
Message-ID: <1991Jun13.142458.23638@rlgvax.Reston.ICL.COM>
Date: 13 Jun 91 14:24:58 GMT
References: <31124@hydra.gatech.EDU> <1991Jun12.112633.14888@rulway.LeidenUniv.nl>
Reply-To: thurlow@rlgvax.Reston.ICL.COM (Scott Thurlow)
Organization: International Computers Limited, Reston, Virginia, USA
Lines: 10

In article <1991Jun12.112633.14888@rulway.LeidenUniv.nl> crissl@rulcvx.LeidenUniv.nl (Stefan Linnemann) writes:
>/etc/passwd is a security risk, that has not been plugged, yet.

Not true, in System V.4, passwords are kept in a shadow password file which
which readable only by root.  The password entries in the regular password
file are left empty.
-- 
Scott Thurlow  International Computers Limited, Reston, Virginia, USA
Primary:       thurlow@rlgvax.reston.icl.com or thurlow@getafix.oasis.icl.co.uk
Alternate:     thurlow@utcs.utoronto.ca or thurlow@utorgpu.bitnet