Path: utzoo!utgpu!cunews!bnrgate!brchh104!brchs1!bnr.ca!rice.edu!sun-spots-request
From: schwartz@groucho.cs.psu.edu (Scott Schwartz)
Newsgroups: comp.sys.sun
Subject: 4.1.1 security
Keywords: No Digest Subjects during Flush
Message-ID: <4076@brchh104.bnr.ca>
Date: 27 Jun 91 20:22:00 GMT
Sender: news@brchh104.bnr.ca
Organization: Sunspots, Flush Mode
Lines: 21
Approved: sun-spots@rice.edu
X-Original-Date: Fri, 14 Jun 1991 23:06:54 -0400

I just unpacked a new SS2, with SunOS preinstalled on the disk. While
poking around getting it ready to play nicely with our other machines, I
noticed a few things.

* There is no umask set in /etc/rc, so lots of files created by daemons
  wind up world writable.

* Beyond that, /etc/aliases.*, /etc/remote, and /etc/motd are world
  writable. There may be others -- those are just the ones I noticed
  immediately.

* There is a "+" in /etc/hosts.equiv, /etc/passwd, and /etc/group.

All sorts of mischief is possible unless these things are fixed up. I'd
feel much happier if my machine wasn't totally insecure right out of the
box. Fixed in 4.1.2 perhaps?

P.S. Has Sun stopped advertising "The Network is the Computer"?

-- Scott
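
Added example, not part of the original post: a POSIX shell function that checks a filesystem root for the three conditions the post lists (no umask in /etc/rc, world-writable files under /etc, and lines starting with "+" in hosts.equiv, passwd and group). The function name audit_root and the "FINDING:" output format are assumptions made for this example.

```shell
#!/bin/sh
# audit_root ROOT
#   Print one "FINDING: ..." line for each problem found under ROOT/etc.
#   ROOT may be empty (audit the live /etc) or the mount point of an
#   installed image. Prints nothing when the tree is clean.
audit_root() {
    root=${1:-}
    etc="$root/etc"

    # 1. /etc/rc without a umask line: daemons started from it inherit
    #    whatever mask init had, so the files they create can come out
    #    world writable.
    if [ -f "$etc/rc" ] &&
       ! grep -Eq '^[[:space:]]*umask[[:space:]]+[0-7]+' "$etc/rc"; then
        echo "FINDING: no umask set in $etc/rc"
    fi

    # 2. Regular files under /etc with the "other write" bit set.
    find "$etc" -type f -perm -002 2>/dev/null | sort |
    while IFS= read -r f; do
        echo "FINDING: world-writable $f"
    done

    # 3. Lines starting with "+". In hosts.equiv this trusts every host;
    #    in passwd and group it is only meaningful where NIS is in use,
    #    so each hit is flagged for review.
    for name in hosts.equiv passwd group; do
        f="$etc/$name"
        [ -f "$f" ] || continue
        if grep -q '^+' "$f"; then
            echo "FINDING: '+' entry in $f"
        fi
    done
    return 0
}
```

Call audit_root "" to check the running system, or pass the mount point of a freshly installed disk to check it before it goes on the network.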