Pat Myrto wrote:
||
|| "In the previous message, Mike Raffety said..."
|| >
|| > On some Unix systems (e.g., SunOS 4.x), passwd has a "-F" flag allowing
|| > you to specify the file to use (instead of /etc/passwd). It appears
|| > that the passwd program pays no attention to permissions on that file;
|| > it runs setuid to root (of course), and accesses the file without doing
|| > any permission checking.
||
|| So what? One can copy /etc/passwd and edit it with an EDITOR. So?
|| Login reads /etc/passwd, not whatever file the user chooses. Until
|| the user can write the changes into /etc/passwd (and sometimes
|| /etc/security/passwd.adjunct), he has accomplished NOTHING.

So this permits someone to read a file that is supposed to be
only readable by the owner. He never said that this was a way
to modify /etc/passwd. Letting all users read any file on your
system is a security bug, whether it gives them immediate root
access or not.

|| Remember, the passwd command does not determine account access.
||
|| [ ... ]
||
|| > I've just figured this out; is it a well-known bug? Are there any
|| > other consequences?
||
|| It's not a problem.

Remember, access permissions are supposed to determine which
files you can read. As stated, it *is* a problem (I haven't
tried to verify to what extent the statement is correct or
complete).

--
That is 27 years ago, or about half an eternity in | John Macdonald
computer years. - Alan Tibbetts                    | jmm@Elegant.COM
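
Added example, not part of the thread and not the SunOS passwd source: one way a setuid program can open a user-named file so that the kernel applies the invoking user's permissions. The helper name open_as_invoker is an assumption made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (name is an assumption): open an existing file named
 * by the invoking user with that user's rights, not the setuid owner's.
 * Returns a file descriptor, or -1 with errno set by the failing call. */
int open_as_invoker(const char *path, int flags)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, err;

    /* Drop the group first: once euid is no longer root, setegid may fail. */
    if (setegid(getgid()) != 0)
        return -1;
    if (seteuid(getuid()) != 0) {
        err = errno;
        if (setegid(saved_egid) != 0)
            abort();
        errno = err;
        return -1;
    }

    /* The kernel checks permissions against the real user in the same call
     * that opens the file, so there is no access()-then-open() race.
     * O_CREAT is masked out: this helper never creates files. */
    fd = open(path, flags & ~O_CREAT);
    err = errno;

    /* Regain the saved IDs (user first, so the group change is permitted).
     * If that fails the privilege state is unknown, so stop. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();

    errno = err;
    return fd;
}
```

In a setuid-root binary, a path the invoking user cannot read makes open() fail with EACCES instead of being read with root's rights.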