/etc/shadow equivalent without a source license!
Daniel Ray
norstar at tnl.UUCP
Thu Apr 6 01:11:16 AEST 1989
In article <18939 at adm.BRL.MIL>, rbj at dsys.icst.nbs.gov (Root Boy Jim) writes:
>
> I disagree. Both files, /etc/passwd *and* /etc/shadow should look *exactly*
> alike, except that the passwords in /etc/passwd should be random. Consider:
>
> The Bad Guy is really, or rather looks like, a Good Guy. That is, he
> has an account on your machine. So he changes his password, and sees
> that /etc/passwd doesn't change, or that the entry remains `x'. You
> have now alerted him to the fact that /etc/passwd is not the real
> file, so he goes looking for the real one. The above reasoning applies
> if he gets a copy of /etc/passwd somehow.
A very good suggestion. I thought of it, but decided that it might be just
too complicated simulating the encrypted keys, and when they are changed.
Maybe I'll do this down the road, however.
> ...
> In any case, there are several solutions to the problem of changing
> /etc/shadow to mode 400 instead of mode 444. The first is the
> hard way; either use bpatch or adb or something else, find the
> constant 444, and change it to 400. Another easier way is to
> wrap /bin/passwd in another program that simply does a chmod
> after the real /bin/passwd runs. This leaves a small window
> where /etc/shadow could possibly be read however.
I solved this by making the NEW real password file something like
/dir/x/y/ze with the parent directories /dir/x/y being closed. No
chmod necessary, *and* it prevents links to the file.
>
> Catman Rshd <rbj at nav.icst.nbs.gov>
> Author of "The Daemonic Versions"
I just got ahold of the excellent public domain /su/passwd/login clone
programs from jfh at rpp386, so I have something new to play with as far
as passwd goes. Fun fun!
norstar
The Northern Lights, Burlington Vermont | There *is*
tnl dialins: 802-865-3614 at 300-2400 bps. ` | / no real security
------------------------------------------ --- * --- so lets
uucp: uunet!uvm-gen!tnl!norstar or / | . PRETEND!
{decvax,linus}!dartvax!uvm-gen!tnl!norstar |
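Added example, not part of the original post: a mode-bit audit contrasting a mode-444 file in an open directory (the exposure during the chmod window) with the same file kept under closed parent directories. The `etc` and `dir/x/y/ze` layout is built in a temporary directory, all names and contents are constructed, and the check looks only at classic permission bits (no ACLs, no group membership, no root).

```python
import os
import stat
import tempfile


def closed_ancestors(path, base):
    """Directories between base (excluded) and path that deny search to 'other'."""
    closed = []
    base = os.path.realpath(base)
    d = os.path.dirname(os.path.realpath(path))
    while d != base and d != os.path.dirname(d):
        if not os.stat(d).st_mode & stat.S_IXOTH:
            closed.append(d)
        d = os.path.dirname(d)
    return closed


def other_can_read(path, base):
    """True if mode bits alone let an unrelated local user open path for reading."""
    readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    return readable and not closed_ancestors(path, base)


def build_demo(base):
    """Constructed layout: a 0444 file in an open dir and one under closed dirs."""
    open_dir = os.path.join(base, "etc")
    shut_dir = os.path.join(base, "dir", "x", "y")
    os.makedirs(open_dir)
    os.makedirs(shut_dir)
    os.chmod(open_dir, 0o755)
    os.chmod(os.path.join(base, "dir"), 0o755)
    os.chmod(os.path.join(base, "dir", "x"), 0o700)  # closed parent
    os.chmod(shut_dir, 0o700)                        # closed parent
    paths = {"exposed": os.path.join(open_dir, "shadow"),
             "hidden": os.path.join(shut_dir, "ze")}
    for p in paths.values():
        with open(p, "w") as f:
            f.write("user:CONSTRUCTED-HASH-PLACEHOLDER:\n")  # not a real hash
        os.chmod(p, 0o444)  # mode 444, as in the quoted discussion
    return paths


if __name__ == "__main__":
    demo_base = tempfile.mkdtemp()
    for label, p in build_demo(demo_base).items():
        print(label, oct(os.stat(p).st_mode & 0o777),
              "other can read:", other_can_read(p, demo_base))
```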