Date:      Fri, 8 Jan 1999 00:31:40 -0500
From:      Jared Mauch <jared@puck.nether.net>
To:        freebsd-security@FreeBSD.ORG
Subject:   3.0 rel pwd_mkdb problem(patch)
Message-ID:  <19990108003140.A13277@puck.nether.net>


	I've had a problem recently with people breaking root
and installing accounts with *no* uid in their pw file entry,
that way everything comes up with zero for the uid, giving
the user root privs.  I'm not sure how they're obtaining root yet,
but I've patched pwd_mkdb so they can't rebuild the pw file with
this being the case (which it should check for anyways).  

Here's the patch:

diff -ur pw_scan.c.orig pw_scan.c
--- pw_scan.c.orig      Fri Jan  8 00:24:14 1999
+++ pw_scan.c   Fri Jan  8 00:16:59 1999
@@ -80,6 +80,11 @@
                goto fmt;
        if(p[0]) pw->pw_fields |= _PWF_UID;
        id = atol(p);
+       if (strlen(p) == 0)
+       {
+		warnx("no uid for user %s", pw->pw_name);
+		return (0);
+       }
        if (root && id) {
                warnx("root uid should be 0");
                return (0);
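
Review bot: the new strlen(p) == 0 test only rejects a completely empty uid field, and it runs after id = atol(p), which also returns 0 for any non-numeric text such as "abc" or a single space, so an entry like that still passes this check and ends up with uid 0. Suggest validating the field before converting it: put the rejection in an else branch of the existing if(p[0]) test two lines up, and replace atol with strtoul plus an end-pointer check so non-digit or trailing characters are refused as well. Style: the added lines mix space and tab indentation and put the opening brace on its own line, unlike the if (root && id) { block that follows.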

-- 
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
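
The message above describes password-file entries whose empty uid field is read as uid 0. As an added example (not part of the original post or of the FreeBSD source), here is a strict check of the uid field of one master.passwd-style line; `parse_uid`, `check_passwd_line` and the enum names are hypothetical, and the sample lines are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum uid_status { UID_OK, UID_EMPTY, UID_INVALID, UID_MISSING_FIELD };

/* Strict uid parse: digits only, never empty, no overflow. */
enum uid_status parse_uid(const char *field, unsigned long *out)
{
    const char *c;
    if (field[0] == '\0')
        return UID_EMPTY;               /* atol("") would give 0 */
    for (c = field; *c != '\0'; c++)
        if (!isdigit((unsigned char)*c))
            return UID_INVALID;         /* atol("abc") would give 0 too */
    errno = 0;
    *out = strtoul(field, NULL, 10);
    return errno == ERANGE ? UID_INVALID : UID_OK;
}

/* Validate the third colon-separated field (uid) of one line.
 * strchr is used instead of strtok because strtok collapses empty fields. */
enum uid_status check_passwd_line(const char *line, unsigned long *uid)
{
    char buf[1024], *start = buf, *colon;
    int i;
    snprintf(buf, sizeof(buf), "%s", line);
    for (i = 0; i < 2; i++) {           /* skip name and password fields */
        if ((colon = strchr(start, ':')) == NULL)
            return UID_MISSING_FIELD;
        start = colon + 1;
    }
    if ((colon = strchr(start, ':')) == NULL)
        return UID_MISSING_FIELD;
    *colon = '\0';                      /* terminate the uid field */
    return parse_uid(start, uid);
}

int main(void)
{
    /* Constructed sample lines in master.passwd field order. */
    const char *lines[] = { "alice:*:1001:1001::0:0:Alice:/home/alice:/bin/sh",
                            "ghost:*::0::0:0:constructed:/root:/bin/sh" };
    unsigned long uid = 0;
    size_t i;
    for (i = 0; i < 2; i++)
        printf("status=%d\n", (int)check_passwd_line(lines[i], &uid));
    return 0;
}
```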


