Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!agate!math!greg
From: greg@oreo.berkeley.edu (Greg)
Newsgroups: news.sysadmin
Subject: Re: How to stop future viruses.
Message-ID: <16756@agate.BERKELEY.EDU>
Date: 9 Nov 88 18:57:44 GMT
References: <16722@agate.BERKELEY.EDU> <5420@saturn.ucsc.edu>
Sender: usenet@agate.BERKELEY.EDU
Reply-To: greg@math.Berkeley.EDU (Greg)
Organization: UC Berkeley
Lines: 16

In article <5420@saturn.ucsc.edu> koreth@ssyx.ucsc.edu (Steven Grimm) writes:
>In article <16722@agate.BERKELEY.EDU> greg@math.Berkeley.EDU (Greg) writes:
>>On most Unix systems that I've seen, /etc/passwd is publicly readable. 
>>There is no reason for this.
>Unless you're proposing adding another file with usernames and uids, /bin/ls
>will stop telling you who owns files if /etc/passwd isn't readable...

This is minor problem.  I can think of two quick solutions:

1)  Make /etc/passwd publicly readable, but put the encrypted passwords
somewhere else.

2)  Have ls setuid when it wants to read /etc/password, but not when it
reads the directory itself.
--
Greg