Date: Fri, 8 Jan 1999 00:31:40 -0500
From: Jared Mauch <jared@puck.nether.net>
To: freebsd-security@FreeBSD.ORG
Subject: 3.0 rel pwd_mkdb problem(patch)
Message-ID: <19990108003140.A13277@puck.nether.net>
I've had a problem recently with people breaking root and installing accounts with *no* uid in their pw file entry, that way everything comes up with zero for the uid, giving the user root privs. I'm not sure how they're obtaining root yet, but I've patched pwd_mkdb so they can't rebuild the pw file with this being the case (which it should check for anyways).

Here's the patch:

diff -ur pw_scan.c.orig pw_scan.c --- pw_scan.c.orig Fri Jan 8 00:24:14 1999 +++ pw_scan.c Fri Jan 8 00:16:59 1999 @@ -80,6 +80,11 @@ goto fmt; if(p[0]) pw->pw_fields |= _PWF_UID; id = atol(p); + if (strlen(p) == 0) + { + warnx("no uid for user %s", pw->pw_name); + return (0); + } if (root && id) { warnx("root uid should be 0"); return (0);

--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
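Review bot: the new `strlen(p) == 0` test sits after `id = atol(p);` and only rejects a completely empty field; a uid field such as `abc` or a single space still makes `atol()` return 0 and reaches the `if (root && id)` check as uid 0. Consider parsing with `strtoul()` and an end pointer, rejecting the entry when no digits were consumed or trailing characters remain, and doing that before `id` is assigned. Two smaller points: the context line `if(p[0])` already tests for the empty field, so the new check could be its `else` branch rather than a second `strlen()` call, and the opening brace on its own line does not match the `if (root && id) {` style of the surrounding code.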
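The failure mode described in the message (an empty uid field being read as 0), as an added example that is not part of the original post or of the FreeBSD source: a strict check of the uid field in passwd-style lines. The helpers `strict_uid` and `check_line` are hypothetical, and the sample entries are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Strict uid parse (hypothetical helper). atol() turns "" and "abc" into 0;
 * this returns -1 for an empty, signed, non-numeric or out-of-range field. */
static int strict_uid(const char *field, unsigned long *out)
{
    char *end;
    if (!isdigit((unsigned char)field[0]))
        return -1;                      /* empty, whitespace, sign, letters */
    errno = 0;
    *out = strtoul(field, &end, 10);
    if (errno == ERANGE || *end != '\0' || *out > UINT_MAX)
        return -1;                      /* overflow or trailing junk */
    return 0;
}

/* Validate the uid (third colon-separated field) of a passwd-style line.
 * Returns 0 if it is well formed, -1 otherwise. */
static int check_line(const char *line, unsigned long *uid)
{
    char buf[32];
    const char *p = line;
    size_t n;
    for (int i = 0; i < 2; i++) {       /* skip name and password fields */
        if ((p = strchr(p, ':')) == NULL)
            return -1;
        p++;
    }
    n = strcspn(p, ":");
    if (n >= sizeof(buf))
        return -1;
    memcpy(buf, p, n);
    buf[n] = '\0';
    return strict_uid(buf, uid);
}

int main(void)
{
    /* Constructed sample entries, not from any real system. */
    const char *lines[] = { "root:*:0:0::0:0:Charlie &:/root:/bin/csh",
        "intruder:*::0::0:0::/:/bin/sh", "odd:*:abc:0::0:0::/:/bin/sh" };
    unsigned long uid;
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++)
        printf("%-6s %s\n", check_line(lines[i], &uid) ? "REJECT" : "ok", lines[i]);
    return 0;
}
```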