Date: Fri, 8 Jan 1999 14:04:17 +0100 From: Eivind Eklund <eivind@FreeBSD.ORG> To: freebsd-security@FreeBSD.ORG Cc: wollman@FreeBSD.ORG Subject: Re: 3.0 rel pwd_mkdb problem(patch) Message-ID: <19990108140417.E348@follo.net> In-Reply-To: <19990108003140.A13277@puck.nether.net>; from Jared Mauch on Fri, Jan 08, 1999 at 12:31:40AM -0500 References: <19990108003140.A13277@puck.nether.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 08, 1999 at 12:31:40AM -0500, Jared Mauch wrote:
> I've had a problem recently with people breaking root
> and installing accounts with *no* uid in their pw file entry,
> that way everything comes up with zero for the uid, giving
> the user root privs. I'm not sure how they're obtaining root yet,
> but i've patched pwd_mkdb so they can't rebuild the pw file with
> this being the case (which it should check for anyways).
>
> here's the patch:
Note that this can simpler be written as
Index: pw_scan.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/pwd_mkdb/pw_scan.c,v
retrieving revision 1.6
diff -u -r1.6 pw_scan.c
--- pw_scan.c 1997/10/10 06:27:06 1.6
+++ pw_scan.c 1999/01/08 12:55:05
@@ -78,7 +78,12 @@
if (!(p = strsep(&bp, ":"))) /* uid */
goto fmt;
- if(p[0]) pw->pw_fields |= _PWF_UID;
+ if (p[0])
+ pw->pw_fields |= _PWF_UID;
+ else {
+ warnx("no uid for user %s", pw->pw_name);
+ return (0);
+ }
id = atol(p);
if (root && id) {
warnx("root uid should be 0");
by hanging off the old field check that wollman added when we added
'pw_fields'. This seems to indicate that he considered an empty UID
as a valid case. I don't see why, so I would appreciate Garrett would
followup and tell me :-) passwd(5) does not indicate that an empty UID
field is valid.
Eivind.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990108140417.E348>