From owner-freebsd-security  Fri Feb 16 07:48:00 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id HAA11277
          for security-outgoing; Fri, 16 Feb 1996 07:48:00 -0800 (PST)
Received: from zip.io.org (root@zip.io.org [198.133.36.80])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id HAA11260
          for <freebsd-security@freebsd.org>; Fri, 16 Feb 1996 07:47:39 -0800 (PST)
Received: (from taob@localhost) by zip.io.org (8.6.12/8.6.12) id KAA06143; Fri, 16 Feb 1996 10:46:52 -0500
Date: Fri, 16 Feb 1996 10:46:52 -0500 (EST)
From: Brian Tao <taob@io.org>
To: James FitzGibbon <james@else.net>
cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: Temporary passwd files in /etc?
In-Reply-To: <Pine.LNX.3.91.960215202232.30726B-100000@else.net>
Message-ID: <Pine.BSF.3.91.960216104352.24676C-100000@zip.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
Precedence: bulk

On Thu, 15 Feb 1996, James FitzGibbon wrote:
> 
> I didn't see an answer to this in the list, but they are created by 
> chpass/vipw type utilities.  I've never seen one get mode 666 though.  

    We tracked it down a while ago.  We have a perl script that
massages password files, pretending to be the "editor" that vipw
calls.  The umask in the perl script was set incorrectly.
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"