Re: [cobalt-users] Cleartext Root Password



Start posting security concerns to BUG TRAQ if Cobalt doesn't want to fix it.

I'm willing to bet they fix the problem when someone is challenged to find the exploit that leads to rooting a Cobalt product line.

I am not pleased when I hear such things about a company.

---
Sonny


At 02:51 PM 5/10/00 -0500, you wrote:

Has anyone else noticed that on Cobalt CacheRAQ's the root
password is stored in cleartext in the file /etc/ADMINPW ?

I thought it was a quirk or something when I first found it,
but it's on all 5 of our CacheRAQs... even the ones I've just
restored from CD.

How much sense does this make? Storing the *root* password in
cleartext in a file that is mod 644 ?!?! <Or any file for that matter>

I contacted Cobalt support and their answer was basically,
"Oh well...the only account on the system is root so they would
have to already know the password to get in anyway"

What?!?! First of all, we do add 1 non-privileged account to all
our CacheRAQs so we can telnet and/or SSH into the machine
and then disallow telnet access to the root account.
<To telnet into a machine as root is just STUPID... that's what su is for.>

Secondly, how many times have crackers exploited daemons other
than telnetd to get the contents of a file sent to them? A buffer overflow
in squid or apache could result in them getting the contents of this file!!

Cobalt told me that the only way I could get them to fix this problem
was to hire "Professional Services" to re-work the entire user-interface
for $200 an hour.

Personally I see this as a security flaw that they should fix ASAP.
There's NO reason for this file to be there.

I realize that I could just not use the user-interface to change the password,
but if I'm not going to use the interface I might as well buy a box from
VAR Systems or Penguin Computing.  The beauty of a cobalt is the
easy web administration.

I may be paranoid... but this is just unacceptable.
What does everyone else think about this?

Benson Hill
Internet Systems Engineer
bhill@xxxxxxx
---------
Voice: 662.840.6464 Ext. 208
Personal eFax: 508.445.6416
AFO TeleFax: 662.840.6350

Protect your Family with American Family Filtering!
For fast and safe Internet, click http://www.afo.net/cust.htm?1469
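The concern in the thread is a file (/etc/ADMINPW) that holds a cleartext credential and is mode 644, so any local account or any compromised daemon can read it. The following audit helper is an added example, not code from the thread or from Cobalt; it flags such a file when it has content and is readable by group or other, and the path list it is given is an assumption of the caller.

```shell
#!/bin/sh
# Added audit helper (not from the thread). check_cleartext_file returns:
#   0  file absent, empty, or readable only by its owner
#   1  file has content and group/other read bits set (finding)
#   2  file could not be stat'ed

check_cleartext_file() {
    f="$1"
    if [ ! -e "$f" ]; then
        echo "OK      $f: not present"
        return 0
    fi
    # Octal mode string: GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$f" 2>/dev/null) \
        || mode=$(stat -f '%Lp' "$f" 2>/dev/null) \
        || { echo "ERROR   $f: cannot stat"; return 2; }
    # Left-pad to four digits so the last two are always group and other.
    while [ ${#mode} -lt 4 ]; do mode="0$mode"; done
    grp_oth=${mode#"${mode%??}"}
    if [ ! -s "$f" ]; then
        echo "OK      $f: present but empty (mode $mode)"
        return 0
    fi
    case "$grp_oth" in
        00)
            echo "OK      $f: owner-only (mode $mode)"
            return 0 ;;
        *)
            echo "FINDING $f: cleartext credential readable beyond owner (mode $mode); chmod 600 and review why it exists"
            return 1 ;;
    esac
}

# Check every path given; overall status is 1 if any path is a finding.
audit_cleartext_files() {
    status=0
    for p in "$@"; do
        check_cleartext_file "$p" || status=1
    done
    return $status
}

# Stand-alone use: sh audit.sh /etc/ADMINPW
if [ $# -gt 0 ]; then
    audit_cleartext_files "$@"
fi
```

Run it from a cron job or a configuration check and treat a non-zero exit as an alert; the script only reports and never modifies the file.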