-x implementations

Sean Eric Fagan sef at kithrup.COM
Sat Mar 9 05:47:02 AEST 1991


In article <QMY9-24 at xds13.ferranti.com> peter at ficc.ferranti.com (Peter da Silva) writes:
>Isn't this a security hole? I mean, once you can write to the password file
>you have the keys to the kingdom. I hope this goes away when you turn off C2.

Eeek.  Let me explain this a bit better:  a while ago, I wrote up my own
implementation of login that set multiple groups.  I was running that.
However, the *kernel* was still broken: it didn't check multiple groups for
access permission (which kinda defeated the entire reason I'd done it:  I
wanted to be in group uucp so I didn't have to be root to do a 'cu -l tty2A
dir').  Now, however, the kernel has been fixed, and a new version of login.
I installed all of this, and went on my merry way.

However, I'd *completely* forgotten that I'd set myself up to be in almost
every group in existance (well, 7 of them, at least).  One of those groups
was 'auth', which has write access to /etc/passwd.  Since the multiple
groups now work, I have write access to /etc/passwd.

And, no, sorry:  under sco's unix, having write access to /etc/passwd will
only allow you to lock everyone out by removing or changing values; it won't
let you get it.  You need to create one or two more files elsewhere in the
tree with all the proper magic in them.

-- 
Sean Eric Fagan  | "I made the universe, but please don't blame me for it;
sef at kithrup.COM  |  I had a bellyache at the time."
-----------------+           -- The Turtle (Stephen King, _It_)
Any opinions expressed are my own, and generally unpopular with others.



More information about the Comp.unix.programmer mailing list