Followup to /etc/shadow equivalent without a source license!

Daniel Ray norstar at tnl.UUCP
Fri Mar 10 20:07:49 AEST 1989


Hi again. Well, I figured out how to implement my scheme to make the password
file unreadable similar to the /etc/shadow file strategy. I was to use bpatch
to overwrite the word "passwd" with the word "shadow" on /bin/su, /bin/passwd,
/etc/login, and other programs that use the password field, so that the real
password file would become "/etc/shadow" and the old password file 
"/etc/passwd" would receive data from shadow but with an "x" in the 2nd field
so that the encrypted password strings would be in the shadow file only. The
shadow file was to be unreadable, but /bin/passwd would always change it to
mode 444 readable by all. I solved the problem by overwriting "/etc/shadow"
with a string such as "/new/d/irec". The new password file would become
"irec" in parent directory /new/d. So if either /new or /new/d were made
mode 700, the file "irec" would be unreadable and its pathname the same
length as "/etc/passwd" to satisfy the bpatch binary edit limitations.

The file /etc/passwd now needs update only if a user is added or removed,
or if a comments field is changed, or the user's home dir or something.
Basically not very often. In addition, certain logins can be fully omitted
from the public /etc/passwd file, such as equivalent-to-root users, and
certain utility logins you don't want the public playing with. This adds
another layer of security. 

The best advantage, however, follows the shadow scheme in adding concealment
to slow down the efforts of a break-in attempt. My real passwd file is now
an unknown file on the system. Everyone knows to check for /etc/shadow, but
my file is a name unique to this system. Adds that layer of concealment.
Anyway, I have several emergency contingency routes set up in case security
flops with this new implementation. So far it's passed all the tests, though,
and seems functionally equivalent to the old method as far as using the
programs go.

Thank you all for the help you sent via email!

dan ray

norstar
The Northern Lights, Burlington Vermont               |     
tnl dialins: 802-865-3614 at 300-2400 bps.          ` | /   
------------------------------------------        --- * --- 
uucp: uunet!uvm-gen!tnl!norstar or                  / | .   
{decvax,linus}!dartvax!uvm-gen!tnl!norstar            |     
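The two mechanical pieces of the scheme above, written out as an added example (this is not code from the post, nor any real bpatch or passwd source): a same-length, NUL-terminated path rewrite standing in for the bpatch step, and a routine that derives the public /etc/passwd from the private file by putting "x" in the password field and dropping chosen logins. The path "/new/d/irec", the sample binary bytes, the account entries and the hash strings are all constructed for the example.

```python
# Added example, not from the original post or any real tool.
#   1. patch_path(): the bpatch step, rewriting a NUL-terminated path string
#      inside a binary with a replacement of exactly the same length.
#   2. make_public_passwd(): deriving the world-readable /etc/passwd from the
#      private file, with "x" in the password field and chosen logins omitted.
# Every file name, sample entry and hash string below is constructed.

PUBLIC = b"/etc/passwd"
PRIVATE = b"/new/d/irec"   # same length as PUBLIC, the constraint the post meets


def patch_path(binary: bytes, old: bytes, new: bytes):
    """Return (patched_bytes, replaced, skipped).

    Only NUL-terminated occurrences of `old` are rewritten, so the string's
    terminator and every byte after it stay where the program expects them.
    `skipped` counts occurrences that are merely a prefix of a longer string
    (e.g. "/etc/passwd.lock"); those are left alone for the operator to review.
    """
    if len(new) != len(old):
        raise ValueError(f"replacement must be {len(old)} bytes, got {len(new)}")
    needle = old + b"\x00"
    replaced = binary.count(needle)
    skipped = binary.count(old) - replaced
    if replaced == 0:
        raise ValueError(f"{old!r} not found as a whole string")
    return binary.replace(needle, new + b"\x00"), replaced, skipped


def _entries(text: str):
    """Yield the seven colon-separated fields of each passwd-format line."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"malformed entry: {line!r}")
        yield fields


def root_equivalents(private_text: str):
    """Logins other than "root" that share uid 0 (the post's
    "equivalent-to-root users"), candidates for omission from the public file."""
    return [f[0] for f in _entries(private_text) if f[2] == "0" and f[0] != "root"]


def make_public_passwd(private_text: str, hide=()) -> str:
    """Derive the world-readable /etc/passwd from the private password file.

    Every surviving entry keeps all seven fields with the encrypted password
    replaced by "x"; any login named in `hide` is omitted entirely.
    """
    hide = set(hide)
    out = []
    for fields in _entries(private_text):
        if fields[0] in hide:
            continue
        fields[1] = "x"
        out.append(":".join(fields))
    return "\n".join(out) + "\n"


# Constructed sample: a fragment of a binary's string table, one whole-string
# reference to the public path and one embedded in a longer name.
SAMPLE_BINARY = (
    b"\x00usage: su [user]\x00/etc/passwd\x00/etc/passwd.lock\x00/bin/sh\x00"
)

# Constructed sample private file (hashes are made-up 13-character strings).
SAMPLE_PRIVATE = """\
root:abJnggxhB/yWI:0:0:Operator:/:/bin/sh
toor:Xy9.abc123def:0:0:root alias:/:/bin/sh
daemon:*:1:1:System daemon:/:/bin/sh
uucp:ZZq1Gn7Qa0P6.:4:4:UUCP:/usr/spool/uucppublic:/usr/lib/uucp/uucico
norstar:Q7kLm2nPo9rSt:101:10:Dan Ray:/u/norstar:/bin/csh
"""

if __name__ == "__main__":
    patched, replaced, skipped = patch_path(SAMPLE_BINARY, PUBLIC, PRIVATE)
    print(f"patched {replaced} whole-string reference(s), skipped {skipped}")
    hidden = root_equivalents(SAMPLE_PRIVATE) + ["uucp"]
    print(make_public_passwd(SAMPLE_PRIVATE, hidden), end="")
```

The length check is the whole point of the odd-looking "/new/d/irec": a byte-for-byte overwrite in a compiled program cannot grow the string, so the private path must be exactly as long as "/etc/passwd". Counting the skipped prefix matches is worth doing before trusting a patched su or passwd, since a program that builds a lock or temporary name from the same string may need that reference rewritten too.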