From owner-freebsd-security  Wed Oct  4  3:22:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from static.unixfreak.org (static.unixfreak.org [63.198.170.139])
	by hub.freebsd.org (Postfix) with ESMTP
	id B5DF837B66C; Wed,  4 Oct 2000 03:22:39 -0700 (PDT)
Received: by static.unixfreak.org (Postfix, from userid 1000)
	id 780551F0D; Wed,  4 Oct 2000 03:22:39 -0700 (PDT)
Subject: Re: BSD chpass (fwd)
In-Reply-To: <Pine.BSF.4.21.0010041401260.11157-100000@falcon.nns.ru> from "Andrey
 V. Sokolov" at "Oct 4, 2000 02:10:12 pm"
To: "Andrey V. Sokolov" <abc@nns.ru>
Date: Wed, 4 Oct 2000 03:22:39 -0700 (PDT)
Cc: Dima Dorfman <dima@unixfreak.org>,
	Kris Kennaway <kris@FreeBSD.ORG>,
	Alfred Perlstein <bright@wintelcom.net>,
	Mike Silbersack <silby@silby.com>, security@FreeBSD.ORG
From: Dima Dorfman <dima@unixfreak.org>
Reply-To: dima@unixfreak.org
X-Mailer: ELM [version 2.4ME+ PL61 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Message-Id: <20001004102239.780551F0D@static.unixfreak.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hi!
> Do not forget! chpass, chfn, chsh, ypchpass, ypchfn, ypchsh are hard
> links! This exploit will work with any command from this set, if
> little modification of exploits code is done.

And since they're hard links, when you [un]set the modes for one, the
others get it to.  In other words, unless you go out of your way to
keep chfn/chsh/etc. setuid to root, chmod 555 `which chpass` is
sufficient.

-- 
Dima Dorfman <dima@unixfreak.org>
Finger dima@unixfreak.org for my public PGP key.

"Reading and writing, arithmetic and grammar do not constitute education, any
more than a knife, fork and spoon constitute a dinner."
        -- John Lubbock


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message