"In the previous message, Robert Lau said..."
>
> From: rwing!pat@ole.cdac.com (Pat Myrto)
> Date: Tue, 10 May 94 16:15:56 PDT
>
> So what? One can copy /etc/passwd and edit it with an EDITOR. So?
> Login reads /etc/passwd, not whatever file the user chooses. Until
>
> [...]
>
> It's not a problem.
>
> I think you're missing the point...
>
> The goal might not be to modify a file, sometimes it's enough just to look
> at it. Since passwd is setuid root and is world executable, any user can
> use this 'feature' to read any file on any local filesystem or any NFS
> filesystems that are mounted root regardless of the permissions on the file.
> This includes all files in otherwise private user home directories,
> /etc/shadow, whatever. It doesn't even matter if all parent directories
> above the desired file aren't normally readable/searchable by the user.
>
> I'd say that's a problem.
>
> Easy solution, chmod o-rwx /var/adm, /var/log, or wherever passwd sends its
> complaints to on your machine...

<sheepishly> Like I said, I stand corrected; I had replaced passwd some
time ago because I didn't want users to be able to change their fullname
field, so I couldn't readily test it. Users were sticking any old thing in
the GECOS field. So I butchered up passwd+ so it will work with the
passwd.adjunct file and pwdauthd daemon.

> Robert Lau - Systems Programmer, Unix Systems 213-740-2866
> -- University Computing Services Internet: rslau@usc.edu
> -- University of Southern California Bitnet: rslau@uscvm
> -- 1020 W Jefferson, LA, CA USA, 90089-0251 UUCP: ...!uunet!usc!rslau
>

--
pat@rwing [If all fails, try: rwing!pat@ole.cdac.com] Pat Myrto - Seattle WA
"No one has the right to destroy another person's belief by demanding
empirical evidence." -- Ann Landers, nationally syndicated advice columnist
and Director at Handgun Control Inc.