|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: "passwd -F" vulnerability? (fwd)
matthew green (mrgreen
mame.mu.oz.au)Wed, 11 May 1994 11:41:03 +1000
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Tom Fitzgerald: "Re: Time For New Security Package? (was Re: new iss stuff)"
- Previous message: Mark: "Re: new iss stuff"
- In reply to: Bill Broadley: ""passwd -F" vulnerability? (fwd)"
- Next in thread: Bill Broadley: "Re: "passwd -F" vulnerability? (fwd)"
>-rw---S--- 1 root sys 58 Mar 13 1993 /.secure/etc/audnames > >Viper> passwd -f /.secure/etc/audnames >/.secure/etc/audnames: Permission denied > >HP-UX neurocog A.09.01 A 9000/735 2000866196 two-user license > >Doesn't seem to work on hp's. i'm fairly sure that ``passwd -f'' on a hp and ``passwd -f'' on a sunos 4 box mean vastly different thing. under sunos4, it is the same as running ``chfn''. i'm sure that under hpux it uses the sysv version, which on solaris makes the user change their password next time they login. this all has nothing to do with the original bug, namely, using ``passwd -F'', which infact does not check the permissions on the file name passed with the ``-F'' flag. this is on sunos 4.1.3. i have not found another system that has it, but i don't have many ``old'' bsd systems to test.
- Next message: Tom Fitzgerald: "Re: Time For New Security Package? (was Re: new iss stuff)"
- Previous message: Mark: "Re: new iss stuff"
- In reply to: Bill Broadley: ""passwd -F" vulnerability? (fwd)"
- Next in thread: Bill Broadley: "Re: "passwd -F" vulnerability? (fwd)"