Dangers of vi & passwd (Was Re: SVR3 passwd changes mode of passwd file)
Amos Shapir
amos at taux02.UUCP
Sun Oct 9 01:05:45 AEST 1988
In article <13215 at hqda-ai.ARPA> jay at hqda-ai.ARPA (Jay Heiser) writes:
>CCI, our SysV vender, has just posted a bulletin warning that vi has
>an undocumented feature. "[it was] designed to look for the
>occurrence of a line that starts with the string "ei:" and use the
>characters following the ei: as editor commands. This is NOT
>documented."
>
>In other words, if someone on your system has a userid 'ei',
>unexpected things will happen if you use vi to edit the password file.
>The bulletin only warns about SysV versions of vi (specifically on
>tahoes and Power 5/32s).
It's only on sysV's version because I personally changed it on the BSD4.2
version; I have found out about it exactly as you describe - by editing
the passwd file! As bugs usually do, it has just crept back when the
original sources from AT&T were used for the sysV port.
All that's needed to trigger it is a line containing 'ex:', 'vi:', 'ei:'
or 'vx:' in the first or last 4 lines.
--
Amos Shapir amos at nsc.com
National Semiconductor (Israel) P.O.B. 3007, Herzlia 46104, Israel
Tel. +972 52 522261 TWX: 33691, fax: +972-52-558322
34 48 E / 32 10 N (My other cpu is a NS32532)
More information about the Comp.unix.questions
mailing list