[7255] in bugtraq


Re: Slackware Shadow Insecurity

daemon@ATHENA.MIT.EDU (Liviu Daia)
Tue Jul 14 13:16:32 1998

Date: 	Tue, 14 Jul 1998 01:13:26 +0300
Reply-To: daia@stoilow.imar.ro
From: Liviu Daia <daia@STOILOW.IMAR.RO>
X-To:         Richard Thomas <rthomas@sy.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.3.96.980713042047.10260A-100000@buglord.sy.net>; from
              Richard Thomas on Mon, Jul 13, 1998 at 04:21:55AM -0400

On 13 July 1998, Richard Thomas <rthomas@SY.NET> wrote:
> Discovered by Ted Hickman:
>
> Recently I noticed something rather "insecure" about the slackware 3.4
> /bin/login (and probably other versions). If the /etc/group file does
> not exist, any user who logs into the system is given uid 0 gid 0.
[...]

> So what's the fix? Well first of all, change src/login.c to:
>
>         if (setup_uid_gid(&pwent, is_console))
>                 exit(1);

    Not exactly a good idea AFAICT:  I suppose you still want to log in
as root to create /etc/group after that...

> If we wanted to be fancy we could continue to log in even if
> initgroups() fails (most likely you don't "need" those extra groups to
> get into the system and fix it), but we gotta save something for the
> shadow authors. =)
[...]

    As I said, you'd probably have to do that anyway.

    Regards,

    Liviu

--
Dr. Liviu Daia                   e-mail:   daia@stoilow.imar.ro
Institute of Mathematics         web page: http://www.imar.ro/~daia
of the Romanian Academy          PGP key:  finger daia@stoilow.imar.ro
