Subject: security/5658: security/shadow-password penetrating bug
To: None <>
From: Wolfgang Rupprecht <>
List: netbsd-bugs
Date: 06/25/1998 23:26:11
>Number:         5658
>Category:       security
>Synopsis:       shadow-password penetrating bug
>Confidential:   yes
>Severity:       critical
>Priority:       high
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 25 23:35:01 1998
>Originator:     Wolfgang Rupprecht
W S Rupprecht Computer Consulting, Fremont CA
>Release:        current may 22, 98
System: NetBSD 1.3F NetBSD 1.3F (WSRCC) #0: Mon Jun 15 10:43:51 PDT 1998 i386

	a normal user can read the shadow password file

	at -f /etc/master.passwd now + 1 minute
	wait at most 11 minutes

	don't open files within at(1) using the root's access rights.