[313] in linux-security and linux-alert archive
Re: chfn problem with Linux
daemon@ATHENA.MIT.EDU (Michael Shields)
Wed Aug 9 04:25:35 1995
From: shields@tembel.org (Michael Shields)
To: nickkral@parker.EECS.Berkeley.EDU (Nick Kralevich)
Date: Tue, 8 Aug 1995 19:56:37 +0000 (GMT)
Cc: linux-alert@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu,
ftlofaro@unlv.edu
In-Reply-To: <Pine.HPP.3.91.950808081744.21796A-100000@parker.EECS.Berkeley.EDU> from "Nick Kralevich" at 1995-08-08 08:19:40
[Frank T Lofaro on alt.hackers says you can truncate passwd by setting
ulimit -f 0, then running chfn/chsh/passwd]
He does not specify what he means by "Linux". The Shadow 3.3.1 suite
does not have this hole; it raises the ulimit to 30 000 blocks.
There may be race conditions that let you signal the process, or set a
low CPU limit, and leave the passwd file in an inconsistent; these are
general robustness issues, since these conditions might also be brought
out by a badly timed crash.
--
Shields.
