I suspect the rationale is that there is no need for everyone to be able
to access the backup file, and it does contain information that might be
useful to an attacker. `/etc/passwd`, on the other hand, needs to be
world-readable or else many existing tools would break.


The real-world usefulness to an attacker of data in the backup file that is
not in the live file seems pretty limited, though.

-- 
https://bugs.launchpad.net/bugs/1923262

Title:
  backup /etc/passwd- file should be mode 0600
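
An added example, not part of the bug report or of the shadow package: a small audit that checks whether a backup file grants anything beyond its owner and lists the account names that exist only in the backup, which is the data the comment above is weighing. It assumes GNU `stat` (as on Ubuntu); the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example. The live file path is a parameter; the backup is "<path>-".
# Assumes GNU coreutils stat (stat -c), as shipped on Ubuntu.

# Prints the backup's octal mode. Exit status: 0 = nothing granted to group
# or other (0600 or stricter), 1 = wider than that, 2 = no backup file.
backup_mode_ok() {
    [ -e "$1-" ] || return 2
    mode=$(stat -c '%a' "$1-") || return 2
    echo "$mode"
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Prints account names (field 1) present in the backup but not in the live file.
stale_entries() {
    awk -F: 'NR == FNR { live[$1] = 1; next } !($1 in live) { print $1 }' "$1" "$1-"
}

# Builds a constructed sample in a temp dir: "bob" was removed from the live
# file but is still in the backup, and both files are mode 0644.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'alice:x:1000:1000:Alice:/home/alice:/bin/bash' > "$dir/passwd"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'alice:x:1000:1000:Alice:/home/alice:/bin/bash' \
                  'bob:x:1001:1001:Bob:/home/bob:/bin/bash' > "$dir/passwd-"
    chmod 644 "$dir/passwd" "$dir/passwd-"
    echo "$dir"
}

sample=$(make_sample)
if mode=$(backup_mode_ok "$sample/passwd"); then
    echo "backup mode $mode: owner-only"
else
    echo "backup mode $mode: wider than 0600"
fi
echo "only in backup: $(stale_entries "$sample/passwd")"
rm -rf "$sample"
```

To audit a real system, call the two functions with `/etc/passwd` as the argument.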
