[748] in linux-security and linux-alert archive
[linux-security] Re: linux-security-digest V2 #23
daemon@ATHENA.MIT.EDU (Peter Orbaek)
Wed Jun 5 13:39:15 1996
Date: Wed, 05 Jun 96 08:44:54 EDT
From: Peter Orbaek <poe@theory.lcs.mit.edu>
To: linux-security@tarsier.cv.nrao.edu, aschaefe@crcg.edu
In-Reply-To: <199606050745.DAA05472@tarsier.cv.nrao.edu>
(owner-linux-security-digest@tarsier.cv.nrao.edu)
> I just discovered a major security hole in the getpwnam() function
> in the current libc (5.3.12, probably present in all previous
> versions). It can be exploited if there is an entry in the form
> +username::::::
> or
> -username::::::
[...]
This is not quite as bad as it sounds. A quick fix is to never
use '+' by itself in /etc/passwd to include the entire NIS map;
use /etc/host.conf for this instead. Also, I'm not sure the
hole is there if you write just '+user' without all the colons.
Still, libc should have been fixed a long time ago.
- Peter. (poe@daimi.aau.dk)
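
Added example, not part of the original message or of libc: a shell audit that lists the '+'/'-' entries in a passwd-format file and separates the colon form quoted in the report ('+username::::::') from the bare form the reply mentions ('+user') and from a lone '+'. The function names audit_compat_entries and sample_passwd are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: report '+'/'-' entries in a passwd-format file.
# Usage: audit_compat_entries /etc/passwd   (reads stdin if no file is given)
# Output: line-number <TAB> action:scope <TAB> form <TAB> raw line
# Exit status: 1 if any such entry was found, 0 if the file has none.
audit_compat_entries() {
    awk -F: '
    /^[+-]/ {
        action = (substr($1, 1, 1) == "+") ? "include" : "exclude"
        name = substr($1, 2)
        if (name == "")        scope = "entire-map"   # lone "+" or "-"
        else if (name ~ /^@/)  scope = "netgroup"     # "+@group"
        else                   scope = "user"         # "+user" / "-user"
        # "+user::::::" has trailing colon fields; bare "+user" has none.
        form = (NF > 1) ? "with-colons" : "no-colons"
        printf "%d\t%s:%s\t%s\t%s\n", NR, action, scope, form, $0
        found = 1
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
+alice::::::
-bob::::::
+carol
+
daemon:x:1:1:daemon:/usr/sbin:/bin/false
EOF
}

# Demo run on the constructed sample.
sample_passwd | audit_compat_entries || echo "entries found: review the lines above"
```
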