Bugtraq mailing list archives

Re: Slackware Shadow Insecurity

From: daia () stoilow imar ro (Liviu Daia)
Date: Tue, 14 Jul 1998 01:13:26 +0300


On 13 July 1998, Richard Thomas <rthomas () SY NET> wrote:

Discovered by Ted Hickman:

Recently I noticed something rather "insecure" about the slackware 3.4
/bin/login (and probably other versions). If the /etc/group file does
not exist, any user who logs into the system is given uid 0 gid 0.

[...]

So whats the fix? Well first of all, change src/login.c to:

        if (setup_uid_gid(&pwent, is_console))
                exit(1);


    Not exactly a good idea AFAICT:  I suppose you still want to login
as root to create /etc/group after that...

If we wanted to be fancy we could continue to login even if
initgroups() fails (most likely you don't "need" those extra groups to
get into the system and fix it), but we gotta save something for the
shadow authors. =)

[...]

    As I said, you'd probably have to do that anyway.

    Regards,

    Liviu

--
Dr. Liviu Daia                   e-mail:   daia () stoilow imar ro
Institute of Mathematics         web page: http://www.imar.ro/~daia
of the Romanian Academy          PGP key:  finger daia () stoilow imar ro

Current thread:

Slackware Shadow Insecurity Richard Thomas (Jul 13)
- Re: Slackware Shadow Insecurity Liviu Daia (Jul 13)
- Re: Slackware Shadow Insecurity Jon Torrez (Jul 13)