Bugtraq mailing list archives
Re: Sun Patch Id #102060-01
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Tue, 20 Dec 1994 06:43:42 -0500
[on modern SunOS,] using the -F option will get the message saying something like "user cannot open -F file <filename>" or something similar (I forget exact message).
It refuses to work unless the user is root, or the filename is in /etc/pwfiles as a full pathname. If the file does not exist, only root can use the -F option.
Kinda sad, because passwd -F is mildly useful, and it's really really easy to make it secure: just permanently throw away all elevated privilege as soon as the -F is noticed on the command line. Then proceed to run as normal. Actually, perhaps it should be throw away all privilege if the file given isn't in /etc/pwfiles. That gives the best of both worlds. der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: Sun Patch Id #102060-01 der Mouse (Dec 19)
- Re: Sun Patch Id #102060-01 Dave Horsfall (Dec 19)
- Re: Sun Patch Id #102060-01 Rens Troost (Dec 20)
- <Possible follow-ups>
- Re: Re: Sun Patch Id #102060-01 Ed Arnold (Dec 19)
- Re: Re: Sun Patch Id #102060-01 Scott D. Yelich (Dec 20)
- Replacement for lockd? Dave Horsfall (Dec 20)
- Re: Re: Re: Sun Patch Id #102060-01 Pete Hartman (Dec 19)
- Re: Sun Patch Id #102060-01 Casper Dik (Dec 19)
- Re: Re: Re: Sun Patch Id #102060-01 bmanning () isi edu (Dec 20)
- Re: Re: Re: Sun Patch Id #102060-01 Jeff Smith (Dec 20)
- Re: Sun Patch Id #102060-01 der Mouse (Dec 20)
- Re: Sun Patch Id #102060-01 Jon Peatfield (Dec 21)
- Re: Re: Re: Re: Sun Patch Id #102060-01 Pete Hartman (Dec 20)
- Re: Re: Re: Re: Sun Patch Id #102060-01 Mark Graff (Dec 20)
- Re: Re: Re: Sun Patch Id #102060-01 Charles L. Athey III (Dec 20)
- Re: Sun Patch Id #102060-01 Dave Horsfall (Dec 19)