[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-12 Thread pkaeding
** Bug watch added: Red Hat Bugzilla #1858866 https://bugzilla.redhat.com/show_bug.cgi?id=1858866 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1923262 Title: backup /e

Re: [Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-12 Thread pkaeding
For some additional context, here is a related bug report for Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=1858866 (they decided to wont-fix, indicating the flaw is with the CIS benchmark).

[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread pkaeding
I suspect the rationale is that there is no need for everyone to be able to access the backup file, and it does contain information that might be useful to an attacker. `/etc/passwd`, on the other hand, needs to be world-readable or else many existing tools would break. The real-world usefulness

[Touch-packages] [Bug 1923262] Re: backup /etc/passwd- file should be mode 0600

2021-04-09 Thread pkaeding
I agree, it was surprising to me as well. The rationale given is just this: ``` It is critical to ensure that the /etc/passwd- file is protected from unauthorized access. Although it is protected by default, the file permissions could be changed either inadvertently or through malicious actions.