From owner-freebsd-current  Fri Sep  6 23:31:45 1996
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id XAA08918
          for current-outgoing; Fri, 6 Sep 1996 23:31:45 -0700 (PDT)
Received: from kanto.cc.jyu.fi (root@kanto.cc.jyu.fi [130.234.1.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA08912;
          Fri, 6 Sep 1996 23:31:42 -0700 (PDT)
Received: from localhost (kallio@localhost [127.0.0.1]) by kanto.cc.jyu.fi (8.7.2/8.7.2) with ESMTP id JAA28624; Sat, 7 Sep 1996 09:31:40 +0300 (EET DST)
Date: Sat, 7 Sep 1996 09:31:39 +0300 (EET DST)
From: Seppo Kallio <kallio@cc.jyu.fi>
To: hackers@freebsd.org
cc: current@freebsd.org
Subject: SECURITY HOLE in FreeBSD 2.1.5 ????????!!!!!!!
In-Reply-To: <31D3C997.CA9F25F@fa.tdktca.com>
Message-ID: <Pine.SOL.3.92.960907091945.28337C-100000@kanto.cc.jyu.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-current@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


I think pwd_mkdb is making a temporary file /etc/master.passwd.orig with
read permissions for all.

It is a temporary file, but when we have 4000 accounts the file exists for a
while.

I found this file in the /etc directory after user-adding procedures started
to complain about the existence of this file.

The second alternative is a bug in our scripts, but I have not found that file
name in them (I am not the author of our scripts).

-----------

Besides this hole, we have had these problems:

We cannot add users to the system when someone is using the passwd command.
It is a really big problem in a node having 4000 accounts when we try to add
1000 accounts now, when new students come in at the start of September.
The passwd command should not lock the passwd files for the entire time from
when a user types passwd until he/she succeeds in typing his/her new passwd!

The adduser should manage the locking situation better.

Seppo Kallio				kallio@jyu.fi
Computing Center			Fax +358-14-603611
U of Jyväskylä		62.14N 25.44E	Phone +358-14-603606
PL 35, 40351 Jyväskylä, Finland		http://www.jyu.fi/~kallio
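The exposure described in this report is a working copy of the password file that is created with permissive mode bits. The example below is added here and is not code from the post or from FreeBSD's pwd_mkdb: it contrasts a copy made under an ordinary umask with one created 0600 and O_EXCL from the outset, plus the stat-based check an administrator can use to audit leftover files. All file paths and the sample password line are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>
/* Weak pattern: under a typical umask of 022 the copy is created 0644, so every
   local user can read the hashes until the file is removed. */
int leaky_copy(const char *src, const char *tmp) {
    umask(022);
    FILE *in = fopen(src, "r"), *out = fopen(tmp, "w");
    if (!in || !out) return -1;
    for (int c; (c = fgetc(in)) != EOF;) fputc(c, out);
    fclose(in); fclose(out);
    return 0;
}
/* Hardened pattern: 0600 from the instant the file exists (umask can only make
   it stricter) and O_EXCL so a stale leftover is never silently reused. */
int private_copy(const char *src, const char *tmp) {
    char buf[4096];
    ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = open(tmp, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    close(in); if (close(out) != 0 || n < 0) { unlink(tmp); return -1; }
    return 0;
}
/* Audit check: 1 if group or other may read path, 0 if owner-only, -1 on error. */
int readable_by_others(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) ? 1 : 0;
}
/* Run both copiers on a constructed sample file; returns leaky*10 + private,
   so 10 means the weak copy was readable by others and the hardened one was not. */
int demo(void) {
    const char *src = "/tmp/demo_master.passwd", *tmp = "/tmp/demo_master.passwd.orig";
    FILE *f = fopen(src, "w"); if (!f) return -1;
    fputs("alice:$constructed$:1001:1001::0:0:Alice:/home/alice:/bin/sh\n", f);
    fclose(f);
    unlink(tmp);                                    /* start clean */
    if (leaky_copy(src, tmp) != 0) return -1;
    int leaky = readable_by_others(tmp);
    unlink(tmp);
    if (private_copy(src, tmp) != 0) return -1;
    int priv = readable_by_others(tmp);
    unlink(tmp); unlink(src);
    return leaky * 10 + priv;
}
```

The same readable_by_others check, run over /etc, is a quick way to spot a leftover .orig copy like the one reported above.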