[27086] in bugtraq
Re: nidump on OS X
daemon@ATHENA.MIT.EDU (Bryan Blackburn)
Wed Sep 18 12:22:47 2002
Date: Tue, 17 Sep 2002 09:54:37 -0600
From: Bryan Blackburn <blb@pobox.com>
To: bugtraq@securityfocus.com
Message-ID: <20020917155436.GW22593@kosh.withay.com>
Mail-Followup-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20020915212848.GA13031@maybe.org>
Disabling nidump wouldn't help, as this is NetInfo being a little too
generous. You can also use, for example, niutil:
niutil -read . /users/root
You'll note nidump isn't setid-anything, so someone can simply copy it
from another machine.
Bryan
On Sep 15, 2002 14:28, Dale Harris stated:
> Basically any normal user can get a dump of the passwd file and attempt
> brute force attacks on the encrypted passwds, it includes the root passwd.
>
> This problem has been around for well over a year, but Apple ignores it:
>
> http://www.securitytracker.com/alerts/2001/Jul/1001946.html
> http://online.securityfocus.com/archive/1/211718
>
> However Apple hasn't seemed to bother addressing it yet since it still persists
> in OS X.2 (Jaguar). You'd think they might have taken the opportunity to fix
> this problem with a new major release.
>
> This obviously isn't such a big problem when you are dealing with only
> limited access desktop systems, but Xserve exists now, and I would think
> it'd be a bigger concern. Course you could always chmod 700 nidump.
>
> --
> Dale Harris
> rodmur@maybe.org
> /.-)
>
