Bugtraq mailing list archives

Re: Sun Patch Id #102060-01


From: J.S.Peatfield () amtp cam ac uk (Jon Peatfield)
Date: Wed, 21 Dec 1994 18:24:16 +0000


> Kinda sad, because passwd -F is mildly useful, and it's really really
> easy to make it secure: just permanently throw away all elevated
> privilege as soon as the -F is noticed on the command line.  Then
> proceed to run as normal.

Well it may be useful in some environments (we used to use it to maintain a 
proto-password file of allocated users), but it *never* worked properly if you 
had shadow passwords switched on which was kind of sad.  It always insisted on 
looking in /etc/security/ for the password.adjunct which defeats the point of 
having the -F option.  When we heard about the -F security holes we did the 
binary patch thing to remove the -F option.  These days we live without it.

-- Jon

Jon Peatfield, Computer Officer, the DAMTP, University of Cambridge
Telephone: (+44 223) 3-37852     Mail: J.S.Peatfield () damtp cam ac uk
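
The suggestion quoted at the top of this message (discard all elevated privilege as soon as -F is seen, then carry on as normal) looks like this in C. This is an added example, not part of the original post and not Sun's passwd source; the function names are hypothetical, the handling of "--" is an assumption, and it assumes a setuid-root binary.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if "-F" appears among the options (scan stops at "--"). */
int wants_alternate_file(int argc, char *const argv[])
{
    for (int i = 1; i < argc; i++) {
        if (strcmp(argv[i], "--") == 0)
            break;
        if (strcmp(argv[i], "-F") == 0)
            return 1;
    }
    return 0;
}

/* Permanently become the invoking user. Returns 0 on success, -1 on failure.
 * Supplementary groups are inherited from the invoker across a set-id exec,
 * so only the effective and saved ids carry the extra privilege. */
int drop_privileges_permanently(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once euid is no longer 0 the gid change may be refused. */
    if (setgid(rgid) != 0)
        return -1;
    /* With euid 0, setuid() sets the real, effective and saved uid together. */
    if (setuid(ruid) != 0)
        return -1;

    /* Verify: ids are the invoker's and the old ones cannot be taken back. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (old_euid != ruid && setuid(old_euid) == 0)
        return -1;
    if (old_egid != rgid && setgid(old_egid) == 0)
        return -1;
    return 0;
}

int main(int argc, char *argv[])
{
    /* Do this before opening or parsing anything named on the command line. */
    if (wants_alternate_file(argc, argv) && drop_privileges_permanently() != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to continue\n");
        return 1;
    }
    printf("continuing as uid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

If the drop or its verification fails, the only safe action is to exit, as main() does here.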


