Date: Mon, 15 Feb 1999 12:29:28 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: tarkhil@asteroid.svib.ru Cc: security@FreeBSD.ORG Subject: Security bug in getpwent? Message-ID: <199902151729.MAA09832@khavrinen.lcs.mit.edu> In-Reply-To: <199902142010.XAA01375@shuttle.svib.ru> References: <199902142010.XAA01375@shuttle.svib.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Sun, 14 Feb 1999 23:10:34 +0300, Alex Povolotsky <tarkhil@asteroid.svib.ru> said: > I've just noticed that getpwent, returning * as password, doesn't set > _PWF_PASS in pw_fields, allowing anyone logged in locally to find all > non-passworded accounts and leaving absolutely no traces. Don't do that, then. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199902151729.MAA09832>