Re: "passwd -F" vulnerability?

Greg Woods (woods@ncar.ucar.edu)
Wed, 11 May 94 9:57:26 MDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Oliver Friedrichs: "Re: Time For New Security Package? (was Re: new iss stuff)"
Previous message: Ken Descoteaux: "Re: "passwd -F" vulnerability?"
In reply to: Steve Simmons: "Re: "passwd -F" vulnerability?"
Next in thread: John Macdonald: "Re: "passwd -F" vulnerability?"

> Do
> 
> 	passwd -F /etc/shadow
> 
> Now the shadow password file is visible in /var/adm/messages.

At least on SunOS 4.1.3, where the equivalent command is

passwd -F /etc/security/passwd.adjunct

this doesn't work. If the file it is trying to read is sort of in
/etc/passwd format (colon-separated fields), then you will get
a complaint like

May 11 09:49:00 ncar passwd[7959]: null uid:  "root"

for each line of the file, so fortunately it does not actually allow
the shadow passwd file to be read on SunOS 4.1.3. However, for other
unreadable files, it works just fine so it is still a serious security
hole.

--Greg

Next message: Oliver Friedrichs: "Re: Time For New Security Package? (was Re: new iss stuff)"
Previous message: Ken Descoteaux: "Re: "passwd -F" vulnerability?"
In reply to: Steve Simmons: "Re: "passwd -F" vulnerability?"
Next in thread: John Macdonald: "Re: "passwd -F" vulnerability?"