From owner-freebsd-security Thu Jan 7 21:31:55 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id VAA05339 for freebsd-security-outgoing; Thu, 7 Jan 1999 21:31:55 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from puck.nether.net (puck.nether.net [204.42.254.5]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id VAA05324 for ; Thu, 7 Jan 1999 21:31:53 -0800 (PST) (envelope-from jared@puck.nether.net) Received: (from jared@localhost) by puck.nether.net (8.9.2/8.7.3) id AAA13409 for freebsd-security@Freebsd.org; Fri, 8 Jan 1999 00:31:40 -0500 (EST) (envelope-from jared) Date: Fri, 8 Jan 1999 00:31:40 -0500 From: Jared Mauch To: freebsd-security@FreeBSD.ORG Subject: 3.0 rel pwd_mkdb problem(patch) Message-ID: <19990108003140.A13277@puck.nether.net> Mail-Followup-To: freebsd-security@Freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.95.1i Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've had a problem recently with people breaking root and installing accounts with *no* uid in their pw file entry, that way everything comes up with zero for the uid, giving the user root privs. I'm not sure how they're obtaining root yet, but i've patched pwd_mkdb so they can't rebuild the pw file with this being the case (which it should check for anyways). here's the patch: diff -ur pw_scan.c.orig pw_scan.c --- pw_scan.c.orig Fri Jan 8 00:24:14 1999 +++ pw_scan.c Fri Jan 8 00:16:59 1999 @@ -80,6 +80,11 @@ goto fmt; if(p[0]) pw->pw_fields |= _PWF_UID; id = atol(p); + if (strlen(p) == 0) + { + warnx("no uid for user %s", pw->pw_name); + return (0); + } if (root && id) { warnx("root uid should be 0"); return (0); -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message