Re: BSD chfn bug

[lcamtuf () IDS PL (Michal Zalewski)]

On Sat, 25 Dec 1999, Stanislav N. Vardomskiy wrote:

> > At best you can get a file in /etc/ that is owned by >yourself.

> This just *might* be a problem. I have been patching ssh lately,
> building and rebuilding it over and over again, and it seems that ssh
> can be affected by a number of files in /etc/, some of which are not
> present by default in all OSes.  For instance, just doing a quick
> `strings` on /usr/local/sbin/sshd comes up with: /etc/environment
> /etc/sshrc that are not there by default in many OSes.  At the same
> time when you build SSH, it links by default
> -DTIS_MAP_FILE=\"/etc/sshd_tis.map\"

Hey, people, what the hell are you talking about?! Please read previous
posts:

> When you run chfn (chfn/chsh/chpass is the same binary on FreeBSD),
> temporary file in /etc/pw.???? will touch, external editor will be
> execute (env.variable $EDITOR) with uid of user running chfn. Edit
> your parameters, delete all characters on the last line in the editor
> (Other information: entry). After this, chfn will crash. No core
> dumped.

All you can get is a file in /etc/ owned by yourself, but this file is
named /etc/pw.XXXX, **NOT** /etc/sshrc, /etc/environment,
/etc/sshd_tis.map, or anything else - **NAMED** /etc/pw.XXXX. Until you
own whole /etc directory, or suddenly (*p00f*) it will become
world-writable, you cannot rename this file - it's always and always
/etc/pw.XXXX... So what is wrong with you, stop writing tons of 'what-ifs'
if you haven't tested your ideas at least on your own box ;P It's nothing
bad to make a mistake, but it's good to at least try before.

_______________________________________________________________________
Michal Zalewski [lcamtuf () ids pl] [link / marchew] [dione.ids.pl SYSADM]
[Marchew Industries] ! [http://lcamtuf.na.export.pl] bash$ :(){ :|:&};:
[voice phone: +48 22 813 25 86] <=-=> [cellular phone: +48 501 4000 69]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]