[1541] in linux-security and linux-alert archive
[linux-security] Re: [Linux UID/GID 'Feature']
daemon@ATHENA.MIT.EDU (Rogier Wolff)
Mon May 12 10:00:06 1997
To: augustus@stic.net
Date: Mon, 12 May 1997 15:47:00 +0200 (MET DST)
Cc: linux-security@redhat.com
In-Reply-To: <19970511220640.41228@stic.net> from "Eric Augustus" at May 11, 97 10:06:40 pm
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> While trying to make a user entry in the /etc/passwd file
> unrecognized so I could demonstrate the use of valid UIDs, I placed
> a # in front of the UID. My theory was that this would make it an
> invalid number and cause Linux to give an authentication failure.
> (This worked as expect on SunOS 4.1.4) But then we tried to su to
> that user and were rewarded by being dumped to UID 0. It didn't
> recognize the UID so it defaulted to 0. Cool huh?
Some people are replying: "what do I care when a root-user is
editing /etc/passwd, and can put # in the /etc/passwd file to get
a root-account?"
That is not the issue. The issue is that as a sysop you might be
surprised that putting a "#" in the uid field doesn't stop the guy
from logging in, but gives him a root-account instead. You all should
better be warned.... (But I never do that -> Ok let it rest)
Say you've been closing accounts by adding #'s on SunOS for years and
now are administrating a Linux machine. Surprise, that annoying cracker
you thought you threw off, now suddenly has root priviliges. Bad thing.
Another thing is a "#" in front of the whole line. That also doesn't work.
You have to login as "#wolff" instead of just "wolff".
One thing that does work is to put a "*" in front of the passwd entry.
Roger.