Re: Sun Patch Id #102060-01

Jon Peatfield (J.S.Peatfield@amtp.cam.ac.uk)
Wed, 21 Dec 1994 18:24:16 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Hawkinson: "Re: CERT, about NFS"
Previous message: Kevin at Freeside Support: "Quick bugtraq test"
In reply to: der Mouse: "Re: Sun Patch Id #102060-01"
Next in thread: Ed Arnold: "Re: Re: Sun Patch Id #102060-01"

> Kinda sad, because passwd -F is mildly useful, and it's really really
> easy to make it secure: just permanently throw away all elevated
> privilege as soon as the -F is noticed on the command line.  Then
> proceed to run as normal.

Well it may be useful in some environments (we used to use it to maintain a 
proto-password file of allocated users), but it *never* worked properly if you 
had shadow passwords switched on which was kind of sad.  It always insisted on 
looking in /etc/security/ for the password.adjunct which defeats the point of 
having the -F option.  When we heard about the -F security holes we did the 
binary patch thing to remove the -F option.  These days we live without it.

-- Jon

Jon Peatfield, Computer Officer, the DAMTP, University of Cambridge
Telephone: (+44 223) 3-37852     Mail: J.S.Peatfield@damtp.cam.ac.uk

Next message: John Hawkinson: "Re: CERT, about NFS"
Previous message: Kevin at Freeside Support: "Quick bugtraq test"
In reply to: der Mouse: "Re: Sun Patch Id #102060-01"
Next in thread: Ed Arnold: "Re: Re: Sun Patch Id #102060-01"