Re: "passwd -F" vulnerability? (fwd)

matthew green (mrgreen@mame.mu.oz.au)
Wed, 11 May 1994 11:41:03 +1000

>-rw---S---   1 root     sys           58 Mar 13  1993 /.secure/etc/audnames
>
>Viper> passwd -f /.secure/etc/audnames
>/.secure/etc/audnames: Permission denied
>
>HP-UX neurocog A.09.01 A 9000/735 2000866196 two-user license
>
>Doesn't seem to work on hp's.

i'm fairly sure that ``passwd -f'' on an hp and ``passwd -f'' on
a sunos 4 box mean vastly different things.  under sunos4, it
is the same as running ``chfn''.  i'm sure that under hpux it
uses the sysv version, which on solaris makes the user change
their password next time they login.

this all has nothing to do with the original bug, namely, using
``passwd -F'', which in fact does not check the permissions on the
file name passed with the ``-F'' flag.  this is on sunos 4.1.3.
i have not found another system that has it, but i don't have
many ``old'' bsd systems to test.
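
The missing check described in the message above belongs to a general class: a set-uid program opening a user-supplied file name without honouring the invoking user's permissions. The following is an added example, not part of the original post and not SunOS code; `open_as_invoker` is a hypothetical helper name, and it assumes a POSIX system with `seteuid()` and `O_NOFOLLOW`.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open a user-supplied path with the invoking user's
 * rights instead of the set-uid program's. Returns an fd, or -1 with errno. */
int open_as_invoker(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    struct stat st;
    int fd, err;

    /* Drop the group first: once the euid is dropped we may not be allowed to. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno; setegid(saved_egid); errno = err;
        return -1;
    }
    /* The kernel now checks permissions for the real user; no access() race. */
    fd = open(path, flags | O_NOFOLLOW | O_NOCTTY);
    err = errno;

    /* Restore privileges in reverse order; treat failure as fatal for this call. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0) {
        if (fd >= 0) close(fd);
        errno = EPERM;
        return -1;
    }
    if (fd < 0) { errno = err; return -1; }
    /* Only accept regular files, not directories or devices. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = open_as_invoker(argc > 1 ? argv[1] : "/etc/passwd", O_RDONLY);
    if (fd < 0) { perror("open_as_invoker"); return 1; }
    printf("opened with invoker's permissions, fd=%d\n", fd);
    return close(fd);
}
```

Opening under the real uid and then validating the descriptor with `fstat()` avoids the check-then-open race that a separate `access()` call would leave.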