[27102] in bugtraq
Re: nidump on OS X
daemon@ATHENA.MIT.EDU (John C. Welch)
Wed Sep 18 19:59:13 2002
Date: Wed, 18 Sep 2002 17:52:01 -0400
From: "John C. Welch" <jwelch@MIT.EDU>
To: <bugtraq@securityfocus.com>
Message-ID: <B9AE6DC1.5D691%jwelch@mit.edu>
In-Reply-To: <20020915212848.GA13031@maybe.org>
Mime-version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
On 09/15/2002 17:28, "Dale Harris" <rodmur@maybe.org> wrote:
> Basically any normal user can get a dump of the passwd file and attempt
> brute force attacks on the encrypted passwds, it includes the root passwd.
>
> This problem has been around for well over a year, but Apple ignores it:
>
> http://www.securitytracker.com/alerts/2001/Jul/1001946.html
> http://online.securityfocus.com/archive/1/211718
> Dale Harris <rodmur@maybe.org>
> However Apple hasn't seemed to bother addressing it yet since it still
> persists
> in OS X.2 (Jaguar). You'd think they might have taken the opportunity to fix
> this problem with a new major release.
It's not a case of ignoring it. It's a case of it's been around since
NetInfo came out. It's *far* older than a year. But NetInfo is buggy,
non-standard, poorly documented and understood, and only runs on OS X/*Step
systems unless you get a connector from PADL.
If you look at 10.2, they are *heavily* moving to LDAP v3, which handles
this sort of thing better, but unfortunately, it has to, for now, tie into
NetInfo. Netinfo is bound at a very low level to the OS, and extracting it
correctly will not happen quickly.
>
> This obviously isn't such a big problem when you are dealing with only
> limited access desktop systems, but Xserve exists now, and I would think
> it'd be a bigger concern. Course you could always chmod 700 nidump.
It's an issue with NetInfo, not any one utility.
john
--
John C. Welch
IT Manager
MIT Police
(617) 253 - 3093 work
(508) 579 - 7380 cell
(617) 253 - 8822 fax
