Do not use blank lines in /etc/passwd
guy at sun.UUCP
Wed Oct 22 05:03:34 AEST 1986
> Umm, could be sort of a security hole in itself: if anyone can make a
> match to the "*" you have let them enter the system as root (uid==0).
No, it can't, because they can't. Remember, the password stored in
"/etc/passwd" is an *encrypted* password, and the password check is done by
encrypting the password the user types (or, more correctly, encrypting a
constant string using the password as key) and comparing it with the
encrypted password from "/etc/passwd".
The System V manual explicitly states that the encrypted password is 13
characters long and will not contain any characters other than ".", "/",
letters, or numbers. This is also true of other UNIX systems, since they
use the same encryption software.
--
Guy Harris
{ihnp4, decvax, seismo, decwrl, ...}!sun!guy
guy at sun.com (or guy at sun.arpa)
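
Added example, not part of the original post: a Python audit of passwd-format text that applies the rule stated above (a field can only match a typed password if it is 13 characters from ".", "/", letters and digits) and also reports the blank lines the subject line warns about. The function names and sample entries are constructed for illustration; password-aging suffixes and later hash formats are assumed absent and are not handled.

```python
import re

# Traditional crypt() output as described in the post: exactly 13 characters,
# each one of ".", "/", a letter or a digit.
CRYPT13 = re.compile(r"[./0-9A-Za-z]{13}")

def classify_pw_field(field):
    """Classify the password (second) field of a passwd entry."""
    if field == "":
        return "empty"        # nothing to compare against: no password needed
    if CRYPT13.fullmatch(field):
        return "crypt13"      # could be the encrypted form of some password
    return "unmatchable"      # e.g. "*": encryption can never produce it

def audit_passwd(text):
    """Return a list of (line_number, issue) for passwd-format text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() == "":
            findings.append((n, "blank line"))
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "malformed entry"))
            continue
        name, pw = fields[0], fields[1]
        if classify_pw_field(pw) == "empty":
            findings.append((n, "empty password: " + name))
    return findings

# Constructed sample; the 13-character string is made up, not a real hash.
SAMPLE = (
    "root:Ab3./xYz01QwE:0:1:Super-User:/:/bin/sh\n"
    "daemon:*:1:1::/:\n"
    "\n"
    "guest::100:100:Guest:/usr/guest:/bin/sh\n"
    "uucp:NOLOGIN:5:5:UUCP:/usr/spool/uucp:\n"
)

if __name__ == "__main__":
    for n, issue in audit_passwd(SAMPLE):
        print("line %d: %s" % (n, issue))
```

Entries classified as "unmatchable" (the "*" and "NOLOGIN" fields in the sample) are not reported, since no typed password can encrypt to them.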