Date: Tue, 20 Aug 1996 20:52:31 -0600 (MDT) From: Gord Matzigkeit <gord@gnu.ai.mit.edu> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/1519: chpass creates an NIS security hole Message-ID: <199608210252.UAA00889@zeus.engg.ucalgary.ca> Resent-Message-ID: <199608210300.UAA01552@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1519 >Category: bin >Synopsis: chpass creates an NIS security hole >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Aug 20 20:00:02 PDT 1996 >Last-Modified: >Originator: >Organization: Profit Press >Release: FreeBSD 2.1-STABLE i386 >Environment: FreeBSD 2.1.5-RELEASE #1: Tue Aug 20 02:52:03 MDT 1996 root@zeus.engg.ucalgary.ca:/usr/src/sys/compile/ZEUS >Description: If you use chpass -a, as root, to add the NIS magic cookie to your /etc/master.passwd file, then it will create a line that looks like: +::0:0::0:0::: pwd_mkdb expands this to: +:*:0:0::: I cite the passwd(5) manual page: This is important to remember because most people are accustomed to using an NIS wildcard entry that looks like this: +:*:0:0::: This often leads to new FreeBSD administrators choosing NIS entries for their master.passwd files that look like this: +:*:0:0:::::: Or worse, this +::0:0:::::: DO _NOT_ PUT ENTRIES LIKE THIS IN YOUR master.passwd FILE!! The first tells FreeBSD to remap all passwords to `*' (which will prevent anybody from logging in) and to remap all UIDs and GIDs to 0 (which will make ev- erybody appear to be the superuser). The second case just maps all UIDs and GIDs to 0, which means that all users will appear to be root! It seems that chpass(1) should be aware of the above conditions, and avoid them if possible. >How-To-Repeat: As root, innocently run: zeus:/# chpass -a '+:::::::::' chpass: rebuilding the database... chpass: done zeus:/# tail -1 /etc/master.passwd +::0:0::0:0::: zeus:/# tail -1 /etc/passwd +:*:0:0::: zeus:/# >Fix: Unknown >Audit-Trail: >Unformatted: Gord Matzigkeit <gord@gnu.ai.mit.edu>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608210252.UAA00889>