/etc/passwd grungies
Doug Gwyn
gwyn at brl-smoke.ARPA
Sun Feb 9 20:23:27 AEST 1986
> BEWARE: In /etc/passwd blank or otherwise badly formatted lines can
> cause *extremely* anomalous behaviour.
This is an understatement. Any time a line of /etc/passwd
is edited so that it contains the wrong number of fields,
subsequent updating (e.g., by the "passwd" command) can
produce one or more lines in /etc/passwd of the form
::0:0:::
which has the interesting consequence that one can "log in"
using a null username, not have to give a password, and end
up as superuser.
This problem was fixed in the /etc/passwd-reading library
routines in UNIX System V, but not in 4.2BSD.
I have seen this problem occur several times.
More information about the Net.bugs.usg
mailing list