Date: Fri, 8 Jan 1999 14:04:17 +0100 From: Eivind Eklund <eivind@FreeBSD.ORG> To: freebsd-security@FreeBSD.ORG Cc: wollman@FreeBSD.ORG Subject: Re: 3.0 rel pwd_mkdb problem(patch) Message-ID: <19990108140417.E348@follo.net> In-Reply-To: <19990108003140.A13277@puck.nether.net>; from Jared Mauch on Fri, Jan 08, 1999 at 12:31:40AM -0500 References: <19990108003140.A13277@puck.nether.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 08, 1999 at 12:31:40AM -0500, Jared Mauch wrote: > I've had a problem recently with people breaking root > and installing accounts with *no* uid in their pw file entry, > that way everything comes up with zero for the uid, giving > the user root privs. I'm not sure how they're obtaining root yet, > but i've patched pwd_mkdb so they can't rebuild the pw file with > this being the case (which it should check for anyways). > > here's the patch: Note that this can simpler be written as Index: pw_scan.c =================================================================== RCS file: /home/ncvs/src/usr.sbin/pwd_mkdb/pw_scan.c,v retrieving revision 1.6 diff -u -r1.6 pw_scan.c --- pw_scan.c 1997/10/10 06:27:06 1.6 +++ pw_scan.c 1999/01/08 12:55:05 @@ -78,7 +78,12 @@ if (!(p = strsep(&bp, ":"))) /* uid */ goto fmt; - if(p[0]) pw->pw_fields |= _PWF_UID; + if (p[0]) + pw->pw_fields |= _PWF_UID; + else { + warnx("no uid for user %s", pw->pw_name); + return (0); + } id = atol(p); if (root && id) { warnx("root uid should be 0"); by hanging off the old field check that wollman added when we added 'pw_fields'. This seems to indicate that he considered an empty UID as a valid case. I don't see why, so I would appreciate Garrett would followup and tell me :-) passwd(5) does not indicate that an empty UID field is valid. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990108140417.E348>