Unix security suggestion
Juergen Wagner
gandalf at csli.STANFORD.EDU
Wed Nov 23 10:40:20 AEST 1988
Empty lines or comments in /etc/passwd caused the ::0:0:: or #::0:0:: lines.
Every time somebody changes his/her password, the passwd program would read
/etc/passwd, taking the respective lines for entries with an empty user name,
uid zero, etc., and later write them out. Since some entries would contain
a newline char as username, the number of these phantom user entries would
grow with each change made to any password on the system...
I hope people aren't using the buggy version of passwd any more...
--
Juergen Wagner gandalf at csli.stanford.edu
wagner at arisia.xerox.com
More information about the Comp.unix.wizards
mailing list