/etc/shadow equivalent without a source license!

Daniel Ray norstar at tnl.UUCP
Thu Apr 6 01:11:16 AEST 1989


In article <18939 at adm.BRL.MIL>, rbj at dsys.icst.nbs.gov (Root Boy Jim) writes:
> 
> I disagree. Both files, /etc/passwd *and* /etc/shadow should look *exactly*
> alike, except that the passwords in /etc/passwd should be random. Consider:
> 
> The Bad Guy is really, or rather looks like, a Good Guy. That is, he
> has an account on your machine. So he changes his password, and sees
> that /etc/passwd doesn't change, or that the entry remains `x'. You
> have now alerted him to the fact that /etc/passwd is not the real
> file, so he goes looking for the real one. The above reasoning applies
> if he gets a copy of /etc/passwd somehow.

A very good suggestion. I thought of it, but decided that it might be just
too complicated simulating the encrypted keys, and when they are changed.
Maybe I'll do this down the road, however.

> ...
> In any case, there are several solutions to the problem of changing
> /etc/shadow to mode 400 instead of mode 444. The first is the
> hard way; either use bpatch or adb or something else, find the
> constant 444, and change it to 400. Another easier way is to 
> wrap /bin/passwd in another program that simply does a chmod
> after the real /bin/passwd runs. This leaves a small window
> where /etc/shadow could possibly be read however.

I solved this by making the NEW real password file something like
/dir/x/y/ze with the parent directories /dir/x/y being closed. No
chmod necessary, *and* it prevents links to the file.

> 
> 	Catman Rshd <rbj at nav.icst.nbs.gov>
> 	Author of "The Daemonic Versions"

I just got ahold of the excellent public domain /su/passwd/login clone
programs from jfh at rpp386, so I have something new to play with as far
as passwd goes. Fun fun!

norstar
The Northern Lights, Burlington Vermont               |     There *is*
tnl dialins: 802-865-3614 at 300-2400 bps.          ` | /   no real security
------------------------------------------        --- * --- so lets
uucp: uunet!uvm-gen!tnl!norstar or                  / | .   PRETEND!
{decvax,linus}!dartvax!uvm-gen!tnl!norstar            |     
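
An added example, not part of the original post or of any program mentioned in it: a Python check comparing a mode-444 file under world-searchable directories with the same file under the closed parent directories described in the reply. The function names, the `base` parameter and the temporary tree are assumptions made for the illustration; the check reads only the "other" permission bits and ignores ACLs and root.

```python
import os
import stat
import tempfile

def closed_ancestors(path, base="/"):
    """Directories between base and path that deny search (x) to 'other'."""
    path, base = os.path.realpath(path), os.path.realpath(base)
    closed = []
    parent = os.path.dirname(path)
    while parent != base and parent != os.path.dirname(parent):
        if not os.stat(parent).st_mode & stat.S_IXOTH:
            closed.append(parent)
        parent = os.path.dirname(parent)
    return closed

def exposed_to_others(path, base="/"):
    """True if the file is other-readable AND every ancestor is other-searchable."""
    readable = bool(os.stat(path).st_mode & stat.S_IROTH)
    return readable and not closed_ancestors(path, base)

def demo():
    """Build both layouts in a constructed temporary tree; return their exposure."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name, dir_mode in (("open", 0o755), ("closed", 0o700)):
            top = os.path.join(base, name)
            leaf = os.path.join(top, "x", "y")
            os.makedirs(leaf)
            target = os.path.join(leaf, "ze")
            with open(target, "w") as fh:
                fh.write("constructed sample entry\n")
            os.chmod(target, 0o444)   # file mode left world-readable in both layouts
            for d in (leaf, os.path.dirname(leaf), top):
                os.chmod(d, dir_mode)
            results[name] = exposed_to_others(target, base)
    return results

if __name__ == "__main__":
    print(demo())
```

With the parents closed, the file's own mode never has to be corrected after the fact, so there is no interval in which it can be read.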


