[530] in bugtraq
Sun Patch Id #102060-01
daemon@ATHENA.MIT.EDU (Mitch Wright)
Sun Dec 18 22:46:57 1994
Date: Sun, 18 Dec 1994 18:18:05 -0800
From: Mitch Wright <mitch@oz.com>
To: bugtraq@fc.net
So does anybody know more about this one??? I've tried a few things, but
haven't figured it out yet. This wasn't mentioned here yet, was it??
These are the relevant parts of the README file from the patch release. If you
want the entire patch -- URL ftp://sunsolve1.sun.com/pub/patches/patches.html
and click on the README file for this patch...
Patch-ID# 102060-01
Keywords: security, SunOS, 4.1.x, passwd, -F, root, race-condition
Synopsis: SunOS 4.1.3_U1: Root access possible via forced passwd race condition
Date: Oct/28/94
Solaris Release: 1.1.1
SunOS Release: 4.1.3_U1
Xref: Patch 102023 is the 4.1.2, 4.1.3, 4.1.3C version of this patch.
Relevant Architectures: sparc
BugId's fixed with this patch: 1169007
Patches required with this patch:
Obsoleted by: 4.1.4, 5.x
Files included with this patch:
/usr/bin/passwd
Problem Description:
1169007: Security: Root access possible on SunOS 4.1.x via forced passwd
race condition.
Patch Installation Instructions:
[...]
This patch restricts the use of the passwd command's -F option to root,
unless the system administrator explicitly permits non-root users to
use the option for specifically-identified alternate password files.
If you wish to permit such use, set up a file called /etc/pwfiles
containing a line for each full path you wish to allow non-root users
to specify as an argument to the -F option. Lines in /etc/pwfiles
which do not begin with a "/" character are treated as comments; this
effectively allows non-root users to use only fully-specified paths
with -F. The use of the /etc/pwfiles file in this way is analogous to
the way the /etc/shells file is used by the passwd command to restrict
the shells non-root users can set up for themselves (you can see the
passwd man page for more information on the /etc/shells file).
Unauthorized non-root use of the -F flag produces the message:
passwd: -F may not be specified for file <-F arg>.
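
The /etc/pwfiles rule the README describes, as an added example that is not part of the original post or of Sun's patch: a non-root caller is denied by default, lines not starting with "/" are comments, and only a listed full path is accepted. The function name, the sample paths and the byte-for-byte comparison are assumptions; the README does not say how the patched passwd compares entries.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of an /etc/pwfiles-style list (paths are made up). */
static const char SAMPLE_PWFILES[] =
    "# alternate password files non-root users may name with -F\n"
    "/var/yp/src/passwd\n"
    "export/pw/passwd.old\n"      /* no leading "/": treated as a comment */
    "/export/pw/passwd.eng\n";

/*
 * Hypothetical helper: returns 1 if a caller may pass `arg` to -F, else 0.
 * `allowlist` is the text of the list file, or NULL if the file is absent.
 * Assumption: an entry matches only when it equals `arg` byte for byte.
 */
int f_option_permitted(const char *allowlist, const char *arg, int is_root)
{
    const char *line = allowlist;
    size_t arglen;

    if (is_root)
        return 1;                       /* root is not restricted */
    if (arg == NULL || arg[0] != '/')
        return 0;                       /* only fully-specified paths can match */
    arglen = strlen(arg);

    while (line != NULL && *line != '\0') {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        /* Lines not starting with "/" are comments and never match. */
        if (len == arglen && line[0] == '/' && memcmp(line, arg, len) == 0)
            return 1;
        line = eol ? eol + 1 : NULL;
    }
    return 0;                           /* default deny for non-root */
}

int main(void)
{
    const char *arg = "/etc/passwd";    /* not in the sample list */

    if (!f_option_permitted(SAMPLE_PWFILES, arg, 0))
        fprintf(stderr, "passwd: -F may not be specified for file %s.\n", arg);
    return 0;
}
```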