Date: Tue, 12 Mar 2002 03:00:58 -0800 (PST) From: Slawomir Parysek <irys@irc.pl> To: freebsd-gnats-submit@FreeBSD.org Subject: i386/35816: no one can change password, because "passwd DB is locked" Message-ID: <200203121100.g2CB0wv92939@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 35816 >Category: i386 >Synopsis: no one can change password, because "passwd DB is locked" >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Mar 12 03:10:01 PST 2002 >Closed-Date: >Last-Modified: >Originator: Slawomir Parysek >Release: 4.5-RELEASE >Organization: ArgNet >Environment: FreeBSD my.host.name.com.pl 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386 >Description: When one (malicious) user edit his own passwd database (via $ chpass command), no one can change password, because "passwd DB is locked". Also root cant't change any information in passwd database, eg add/delete It is very importand problem especialy on systems whih acts as shell box (TM.). >How-To-Repeat: how to repeat, huh, thats simple: log in into accont and leave an running "chpass" command on screen and log out, huh noone can change his/her passd and/or any other info by editing /etc/passwd* etc >Fix: how to fix it? hmm... block acces to command chpass for all suspicous users ;-P >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203121100.g2CB0wv92939>