Bugtraq mailing list archives
Re: Sun Patch Id #102060-01
From: J.S.Peatfield () amtp cam ac uk (Jon Peatfield)
Date: Wed, 21 Dec 1994 18:24:16 +0000
Kinda sad, because passwd -F is mildly useful, and it's really really easy to make it secure: just permanently throw away all elevated privilege as soon as the -F is noticed on the command line. Then proceed to run as normal.
Well it may be useful in some environments (we used to use it to maintain a proto-password file of allocated users), but it *never* worked properly if you had shadow passwords switched on which was kind of sad. It always insisted on looking in /etc/security/ for the password.adjunct which defeats the point of having the -F option. When we heard about the -F security holes we did the binary patch thing to remove the -F option. These days we live without it. -- Jon Jon Peatfield, Computer Officer, the DAMTP, University of Cambridge Telephone: (+44 223) 3-37852 Mail: J.S.Peatfield () damtp cam ac uk
Current thread:
- Re: Sun Patch Id #102060-01, (continued)
- Re: Sun Patch Id #102060-01 Dave Horsfall (Dec 19)
- Re: Sun Patch Id #102060-01 Rens Troost (Dec 20)
- Re: Re: Sun Patch Id #102060-01 Ed Arnold (Dec 19)
- Re: Re: Sun Patch Id #102060-01 Scott D. Yelich (Dec 20)
- Replacement for lockd? Dave Horsfall (Dec 20)
- Re: Re: Re: Sun Patch Id #102060-01 Pete Hartman (Dec 19)
- Re: Sun Patch Id #102060-01 Casper Dik (Dec 19)
- Re: Re: Re: Sun Patch Id #102060-01 bmanning () isi edu (Dec 20)
- Re: Re: Re: Sun Patch Id #102060-01 Jeff Smith (Dec 20)
- Re: Sun Patch Id #102060-01 der Mouse (Dec 20)
- Re: Sun Patch Id #102060-01 Jon Peatfield (Dec 21)
- Re: Re: Re: Re: Sun Patch Id #102060-01 Pete Hartman (Dec 20)
- Re: Re: Re: Re: Sun Patch Id #102060-01 Mark Graff (Dec 20)
- Re: Re: Re: Sun Patch Id #102060-01 Charles L. Athey III (Dec 20)
- Re: Sun Patch Id #102060-01 Dave Horsfall (Dec 19)