Date: Sat, 9 Jan 1999 19:32:28 -0500 From: Jared Mauch <jared@puck.nether.net> To: Barrett Richardson <brich@aye.net> Cc: Jared Mauch <jared@puck.nether.net>, freebsd-security@FreeBSD.ORG Subject: Re: 3.0 rel pwd_mkdb problem(patch) Message-ID: <19990109193228.C30252@puck.nether.net> In-Reply-To: <Pine.BSF.3.96.990108171019.12973A-100000@phoenix.aye.net>; from Barrett Richardson on Fri, Jan 08, 1999 at 05:17:18PM -0500 References: <19990108003140.A13277@puck.nether.net> <Pine.BSF.3.96.990108171019.12973A-100000@phoenix.aye.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 08, 1999 at 05:17:18PM -0500, Barrett Richardson wrote: > > > On Fri, 8 Jan 1999, Jared Mauch wrote: > > > > > I've had a problem recently with people breaking root > > and installing accounts with *no* uid in their pw file entry, > > that way everything comes up with zero for the uid, giving > > the user root privs. I'm not sure how they're obtaining root yet, > > Maybe in addition to your patch you could log who is trying to > run pwd_mkdb with the null id. You could also turn on process accounting > and find out what else he was doing around the same time frame. Yeah, I wasn't too ambitious at the time. I got this from a user also, haven't taken time to look at src yet as i'm on a *slow* conn this weekend, but check this out: --- cut here -- I went through the newuser stuff, set a provisional password, then logged out. I logged back in with ssh and tried to change my passwd. This is what happened... freenet:~$ passwd Changing local password for garph. Old password: New password: Please don't use an all-lower case password. Unusual capitalization, control characters or digits are suggested. New password: Retype new password: passwd: updating the database... pwd_mkdb: no uid for user garph pwd_mkdb: at line #561 pwd_mkdb: /etc/pw.K18778: Inappropriate file type or format passwd: /etc/master.passwd: unchanged freenet:~$ id uid=630(garph) gid=10(user) groups=10(user) --- cut here --- perhaps this is also a passwd bug. - jared > > Just a thought. > > - > > Barrett -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990109193228.C30252>