Bugtraq mailing list archives

Re: Possible Issue with Netinfo and Mac OS X


From: Matthew Seaman <matthew.seaman () tornadogroup com>
Date: Mon, 03 Sep 2001 17:18:12 +0100

Ethan Benson wrote:

> On Mon, Sep 03, 2001 at 12:22:50PM +1000, Benjamin Gardiner wrote:
> [snip]
> >       Anyway to get to the core of the matter, I was looking through the
> > file structure, looking at some of the config files, and such, when I
> > happened to look in /var/backups; in /var/backups there was one file called:
> > "local.nidump"
> >
> > This is a file which contains, from what I can tell, a fair part if not all
> > of the information stored in the netinfo database, including users and
> > passwords.
> >
> > Here is the information for a user I created for this purpose:
> >
> >           "_shadow_passwd" = ( "" );
> >           "_writers_passwd" = ( "test" );
> >           "hint" = ( "" );
> >           "uid" = ( "502" );
> >           "_writers_hint" = ( "test" );
> >           "gid" = ( "20" );
> >           "realname" = ( "test" );
> >           "name" = ( "test" );
> >           "passwd" = ( "Fnh1eLU0U6o12" );
> >           "shell" = ( "/bin/tcsh" );
> >           "home" = ( "/Users/test" );
> >           "sharedDir" = ( "Public" );
> >
> >
> > The issue is that my user "test" was created without the option to
> > administer the system (by default root isn't enabled in Mac OS X.)  This
> > user though could access and copy and read this file, via a shell and also
> > via ftp (please note again things like ssh and ftp are not started by
> > default they have to be enabled in sharing under system preferences).
>
> the same information as above can be gained with the command:
>
> nidump passwd . (iirc i don't have any OSX systems around anymore)
>
> which dumps an unshadowed passwd file in pretty much the same format
> as you would find on a GNU/Linux or BSD system. any unprivileged user
> may run this command, nidump is not suid nor sgid so changing its
> permissions will do nothing, contrary to some suggestions to do so.
> (the user may simply grab their own copy from another machine).

Heh.  That's been a problem for a loooong time.  See, for instance, a posting
I made on comp.sys.next.advocacy way back in 1997:

http://groups.google.com/groups?q=group:comp.sys.next.*+author:MAtthew+author:Seaman&start=100&hl=en&safe=off&rnum=106&selm=5m2253%24h7c%241%40ironhorse.plsys.co.uk

Note that the person I'm replying to in that posting was at the time
associated with (or even employed by) Xedoc.com who were the original authors
of Netinfo, before NeXT standardised on Netinfo for their shiny
new OS and way, way before Apple bought NeXT.

        Matthew

-- 
Matthew Seaman                                         Tel: 01628 498661

        Certe, Toto, sentio nos in Kansate non iam adesse.
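
An added audit sketch, not part of the original thread: it parses property lines in the layout quoted above and reports accounts whose "passwd" field holds a traditional 13-character crypt hash while the dump file is world-readable. The record-boundary rule, the function names and the second sample record are assumptions made for this example.

```python
import re
import stat

# First record: fields copied from the post. Second record: constructed.
SAMPLE = '''
          "_shadow_passwd" = ( "" );
          "uid" = ( "502" );
          "name" = ( "test" );
          "passwd" = ( "Fnh1eLU0U6o12" );
          "shell" = ( "/bin/tcsh" );

          "uid" = ( "1" );
          "name" = ( "daemon" );
          "passwd" = ( "*" );
'''

# "key" = ( "first value" ... );  further values in the list are ignored
PROP = re.compile(r'^\s*"([^"]+)"\s*=\s*\(\s*"([^"]*)"[^)]*\);\s*$')
DES_CRYPT = re.compile(r'^[./0-9A-Za-z]{13}$')  # traditional crypt(3) output

def parse_records(text):
    """Group property lines into one dict per account.
    Assumption: a non-property line or a repeated key starts a new record."""
    records, cur = [], {}
    for line in text.splitlines():
        m = PROP.match(line)
        if not m or m.group(1) in cur:
            if cur:
                records.append(cur)
            cur = {}
        if m:
            cur[m.group(1)] = m.group(2)
    if cur:
        records.append(cur)
    return records

def classify(passwd):
    """Label a passwd field without interpreting the hash itself."""
    if passwd == "":
        return "empty"
    return "des-crypt-hash" if DES_CRYPT.match(passwd) else "placeholder"

def audit(text, mode):
    """Return (account, finding) pairs; the hash value is never echoed.
    mode is the dump file's st_mode, e.g. os.stat(path).st_mode."""
    exposed = bool(mode & stat.S_IROTH)
    return [(r.get("name", "?"), "crypt hash readable by any local user")
            for r in parse_records(text)
            if exposed and classify(r.get("passwd", "*")) == "des-crypt-hash"]
```

Tightening the file mode only covers the backup copy; as the quoted reply points out, `nidump passwd .` hands the same fields to any unprivileged user.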

