Bugtraq mailing list archives

Re: Digital Unix 4 protected password database.


From: johnson () ISN DAC NEU EDU (Chris Johnson)
Date: Tue, 9 Mar 1999 14:52:55 -0500


On Tue, 9 Mar 1999, James Clement wrote:

Greetings,
     Due to the recent outpouring of DU buffer overflows I thought the
following might be of interest. With the Enhanced Security package
running, authentication info is stored in individual files according to
username. In this case /tcb/files/auth/r/root for root and so on. I am not
aware of any built-in method for creating the equivalent of your everyday
Unix /etc/shadow file. As a result it is probable that many DU systems
have not weeded out poor choices for passwords through the use of a
program such as Crack since each encrypt is stored in a separate file.
     Though trivial once root is compromised, a would-be attacker might
have an easy time obtaining passwords because of this "feature". The
program below outputs a crackable shadow file.


 Regards,
  James Clement




     It WAS primarily stored this way.  Recent versions however
normally store everything in a DBM-style file called auth.db unless you
force it otherwise or already are using the separate file approach.

     And as noted, you do need root to run the program.  But if you
are root you don't really need it.  A simple Perl script or even
simpler shell script will do.  Normally the /tcb/files/ tree is owned
by auth.auth and not world readable.  But, um, if you're root all bets
are off anyway.  You don't actually need the passwords.

     Besides, there are uses for the separate file approach.

------------------------------------------------------------------------------
Chris Johnson                  |Internet: johnson () isn dac neu edu
Assistant Director, Systems    |Web:      http://www.dac.neu.edu/dac/c.johnson
Division of Academic Computing |Voice:    617.373.3300
Northeastern University, 39 RI |FAX:      617.373.8600
360 Huntington Ave.            |If ignorance is bliss, why aren't there more
Boston, MA., U.S.A.  02115     |happy people?    Tea bag tag
------------------------------------------------------------------------------


