"passwd -F" vulnerability? (fwd)

Bill Broadley (broadley@neurocog.lrdc.pitt.edu)
Tue, 10 May 1994 15:40:44 -0400 (EDT)

> On some Unix systems (e.g., SunOS 4.x), passwd has a "-F" flag allowing
> you to specify the file to use (instead of /etc/passwd).  It appears
> that the passwd program pays no attention to permissions on that file;
> it runs setuid to root (of course), and accesses the file without doing
> any permission checking.

# ls -al /.secure/etc/audnames 
-rw---S---   1 root     sys           58 Mar 13  1993 /.secure/etc/audnames

Viper> passwd -f /.secure/etc/audnames
/.secure/etc/audnames: Permission denied

HP-UX neurocog A.09.01 A 9000/735 2000866196 two-user license

Doesn't seem to work on HPs.

-- 
Bill Broadley@{neurocog,schneider3,lrdc5}.lrdc.pitt.edu (in order of preference)
Linux is great.         Bike to live, live to bike.                      PGP-ok
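
One way a setuid-root program can honor file permissions on a user-named file like the `-F` argument discussed above is to open it under the caller's identity and then check the opened object. This is an added example, not code from the original post or from any vendor's passwd; `open_as_real_user` is a hypothetical helper name.

```c
/* Added example (not SunOS or HP-UX source): open a caller-named file
 * with the caller's privileges instead of the setuid program's. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: returns an fd, or -1 with errno set. */
int open_as_real_user(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first: once euid is lowered we may not be able to. */
    if (setegid(getgid()) != 0) return -1;
    if (seteuid(getuid()) != 0) {
        err = errno; setegid(saved_egid); errno = err; return -1;
    }
    /* The kernel now checks access as the real user; refuse a final symlink. */
    fd = open(path, flags | O_NOFOLLOW | O_NOCTTY);
    err = errno;
    /* Regain privileges; if that fails the process state is unsafe, so stop. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) _exit(1);
    if (fd < 0) { errno = err; return -1; }
    /* Validate the object actually opened, not the name (avoids a recheck race). */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd); errno = EINVAL; return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd;
    if (argc != 2) { fprintf(stderr, "usage: %s FILE\n", argv[0]); return 2; }
    fd = open_as_real_user(argv[1], O_RDWR);
    if (fd < 0) { fprintf(stderr, "%s: %s\n", argv[1], strerror(errno)); return 1; }
    close(fd);
    return 0;
}
```

Installed setuid root and run by an ordinary user against a root-only file, this prints `FILE: Permission denied`, because the `open()` is evaluated against the real uid and gid.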