Date: Sun, 14 Feb 1999 23:10:34 +0300
From: Alex Povolotsky <tarkhil@asteroid.svib.ru>
To: security@FreeBSD.ORG
Subject: Security bug in getpwent?
Message-ID: <199902142010.XAA01375@shuttle.svib.ru>

Hello!

I've just noticed that getpwent, returning * as password, doesn't set _PWF_PASS in pw_fields, allowing anyone logged in locally to find all non-passworded accounts and leaving absolutely no traces.

I'd consider it a bug. The patch is trivial, should I make it and post?

Alex.

-- 
Alexander B. Povolotsky [ICQ 18277558]
[2:5020/145] [http://freebsd.svib.ru] [tarkhil@asteroid.svib.ru]
[Urgent messages: 234-9696 ΑΒ.#35442 or tarkhil@pager.express.ru]