[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: pwdb breakage



On Fri, 30 May 1997, Michael K. Johnson wrote:

> One more related problem with pam_pwdb -- if a user's entry in /etc/passwd
> has a * (note: NOT an x), and the /etc/shadow entry is blank, the user,
> rather than being locked out, is let in without being queried for a password
> (assuming null_ok is set).

For similar reasons as why the /etc/shadow is honored when /etc/passwd
lists an '*' instead of 'x' as a password. This is a bug.

> This is a security hole.  So, do I get my name on the web page as someone
> who has broken pam, and therefore deserves respect?  :-)

Well, if you have root# on your machine, you can break anything and you
can be listed everywhere you want :-)

Best wishes,
		Cristian Gafton
--
--------------------------------------------------------------------
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
http://www.sorosis.ro/~gafton                          Iasi, Romania
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
UNIX is user friendly. It's just selective about who its friends are.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []