[1541] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: [Linux UID/GID 'Feature']

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Mon May 12 10:00:06 1997

To: augustus@stic.net
Date: Mon, 12 May 1997 15:47:00 +0200 (MET DST)
Cc: linux-security@redhat.com
In-Reply-To: <19970511220640.41228@stic.net> from "Eric Augustus" at May 11, 97 10:06:40 pm
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


>  While trying to make a user entry in the /etc/passwd file
> unrecognized so I could demonstrate the use of valid UIDs, I placed
> a # in front of the UID.  My theory was that this would make it an
> invalid number and cause Linux to give an authentication failure.
> (This worked as expect on SunOS 4.1.4) But then we tried to su to
> that user and were rewarded by being dumped to UID 0.  It didn't
> recognize the UID so it defaulted to 0.  Cool huh?

Some people are replying: "what do I care when a root-user is 
editing /etc/passwd, and can put # in the /etc/passwd file to get
a root-account?"

That is not the issue. The issue is that as a sysop you might be
surprised that putting a "#" in the uid field doesn't stop the guy
from logging in, but gives him a root-account instead. You all should
better be warned.... (But I never do that -> Ok let it rest)

Say you've been closing accounts by adding #'s on SunOS for years and
now are administrating a Linux machine. Surprise, that annoying cracker
you thought you threw off, now suddenly has root priviliges. Bad thing.

Another thing is a "#" in front of the whole line. That also doesn't work.
You have to login as "#wolff" instead of just "wolff". 

One thing that does work is to put a "*" in front of the passwd entry.

                                Roger.


home help back first fref pref prev next nref lref last post