Design error in Sun shadow password system
Scott Leadley
leadley at uhura.cc.rochester.edu
Sat Jul 21 01:58:44 AEST 1990
There is no locking mechanism for /etc/security/passwd.adjunct. This
leaves open the possibility of two (or more) people editing the file
simultaneously. Also, using vipw does not block password updates (it
should give the message "passwd: password file busy - try again.") and
leaves open another avenue for simultaneous updates.

This is in addition to some substantial implementation errors (in 4.0.3):

- passwd doesn't use the ##tag as the index into the passwd.adjunct file,
  but uses the username instead.
- the "secure" designation in /etc/ttytab is ignored when booting and
  shutting down. The root password is always requested.

If Sun is serious about their C2 security, these problems should be fixed
ASAP.

Scott Leadley - leadley at cc.rochester.edu
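
The kind of locking the post says is missing, as an added example that is not part of the original post and not Sun's code: an editor and a password updater both take one lock by atomic exclusive create, so the second one is refused with the "busy" message. The lock path and function names are assumptions made for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed demo path (assumption); a real tool would use one fixed
   lock name agreed on by every program that writes the protected file. */
#define LOCK_PATH "/tmp/passwd.adjunct.lock.demo"

/* Take the lock by exclusive create. O_CREAT|O_EXCL is atomic, so exactly
   one caller wins. Returns an fd, -2 if the lock is held, -1 on error. */
int adjunct_lock(const char *lock_path)
{
    int fd = open(lock_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) {
        if (errno == EEXIST) {
            fprintf(stderr, "passwd: password file busy - try again.\n");
            return -2;
        }
        return -1;
    }
    return fd;
}

/* Release the lock: remove the lock file, then close the descriptor. */
void adjunct_unlock(const char *lock_path, int fd)
{
    unlink(lock_path);
    close(fd);
}

/* An editing session and a password update contend for the file.
   Returns 1 if the update is refused while the editor holds the lock
   and allowed once the editor has released it. */
int demo_contention(void)
{
    unlink(LOCK_PATH);                        /* clean slate for the demo */
    int editor = adjunct_lock(LOCK_PATH);     /* editor session starts */
    if (editor < 0)
        return 0;
    int updater = adjunct_lock(LOCK_PATH);    /* concurrent update: busy */
    adjunct_unlock(LOCK_PATH, editor);        /* editor session ends */
    int retry = adjunct_lock(LOCK_PATH);      /* update retried: allowed */
    if (retry >= 0)
        adjunct_unlock(LOCK_PATH, retry);
    return updater == -2 && retry >= 0;
}

int main(void) { return demo_contention() ? 0 : 1; }
```

The lock only helps if every writer of the file takes it, which is the gap the post describes between vipw and passwd.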