From owner-freebsd-current Fri Sep 6 23:31:45 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA08918 for current-outgoing; Fri, 6 Sep 1996 23:31:45 -0700 (PDT) Received: from kanto.cc.jyu.fi (root@kanto.cc.jyu.fi [130.234.1.2]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA08912; Fri, 6 Sep 1996 23:31:42 -0700 (PDT) Received: from localhost (kallio@localhost [127.0.0.1]) by kanto.cc.jyu.fi (8.7.2/8.7.2) with ESMTP id JAA28624; Sat, 7 Sep 1996 09:31:40 +0300 (EET DST) Date: Sat, 7 Sep 1996 09:31:39 +0300 (EET DST) From: Seppo Kallio To: hackers@freebsd.org cc: current@freebsd.org Subject: SECURITY HOLE in FreeBSD 2.1.5 ????????!!!!!!! In-Reply-To: <31D3C997.CA9F25F@fa.tdktca.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: 8BIT Sender: owner-current@freebsd.org X-Loop: FreeBSD.org Precedence: bulk I think pwd_mkdb is making a temporaly file /etc/master.passwd.orig with read permissions to all. It is temporaly file, but when we have 4000 accounts the file exists for a while. I found this file in /etc directory after user adding procedures started to complain about the existence of this file. Second alternative is bug in our scripts, but I have not found that file name in them (I have not the author of our scripts). ----------- Plus this hole, we have had these problems: We cannot add users to the system when someone is using passwd command. It is really big problem in a node having 4000 accounts when we try to add 1000 account now when new students come in start of September. Passwd command should not lock the passwd files for the entire time after user type passwd to the time he/she succeeds to type his/hers new passwd! The adduser should manage the locking situation better. Seppo Kallio kallio@jyu.fi Computing Center Fax +358-14-603611 U of Jyväskylä 62.14N 25.44E Phone +358-14-603606 PL 35, 40351 Jyväskylä, Finland http://www.jyu.fi/~kallio