[748] in linux-security and linux-alert archive


[linux-security] Re: linux-security-digest V2 #23

daemon@ATHENA.MIT.EDU (Peter Orbaek)
Wed Jun 5 13:39:15 1996

Date: Wed, 05 Jun 96 08:44:54 EDT
From: Peter Orbaek <poe@theory.lcs.mit.edu>
To: linux-security@tarsier.cv.nrao.edu, aschaefe@crcg.edu
In-Reply-To: <199606050745.DAA05472@tarsier.cv.nrao.edu>
	(owner-linux-security-digest@tarsier.cv.nrao.edu)


> I just discovered a major security hole in the getpwnam() function
> in the current libc (5.3.12, probably present in all previous
> versions). It can be exploited if there is an entry in the form

> +username::::::
> or
> -username::::::

[...]

This is not quite as bad as it sounds. A quick fix is to never
use '+' by itself in /etc/passwd to include the entire NIS map;
use /etc/host.conf for this instead. Also, I'm not sure the
hole is there if you write just '+user' without all the colons.

Still, libc should have been fixed a long time ago.

	- Peter. (poe@daimi.aau.dk)
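
An added example, not part of the original message or of libc: a small Python audit that lists the '+'/'-' NIS compat entries in a passwd-format file and marks those in the exact `+username::::::` / `-username::::::` form quoted above, so an administrator can see whether a host carries such lines. The sample file contents and the names `classify` and `audit` are constructed for illustration.

```python
# Constructed sample in /etc/passwd format; not taken from any real host.
SAMPLE = """\
root:x:0:0:root:/root:/bin/sh
+alice::::::
-bob::::::
+carol
+@staff::::::
+
daemon:x:1:1::/:/sbin/nologin
"""


def classify(line):
    """Classify one passwd line; return None for ordinary local accounts."""
    if not line or line[0] not in "+-":
        return None
    fields = line.split(":")
    sign, name = fields[0][0], fields[0][1:]
    action = "include" if sign == "+" else "exclude"
    if not name:
        scope = "whole-map"      # bare '+' pulls in the entire NIS map
    elif name.startswith("@"):
        scope = "netgroup"       # '+@group' / '-@group'
    else:
        scope = "user"           # '+user' / '-user'
    # The form quoted in the report: a named user, six colons, every field empty.
    quoted = scope == "user" and len(fields) == 7 and not any(fields[1:])
    return {"entry": line, "kind": f"{scope} {action}", "quoted_form": quoted}


def audit(text):
    """Return one finding per compat entry, with its 1-based line number."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        result = classify(raw.strip())
        if result:
            result["lineno"] = lineno
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "  <-- form quoted in the report" if f["quoted_form"] else ""
        print(f'{f["lineno"]:>3}  {f["kind"]:<18} {f["entry"]}{flag}')
```

To check a real system, pass the contents of its passwd file to `audit()` instead of `SAMPLE`.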
