chfn bug

Mitch Wright - X47469 gretzky at unison.larc.nasa.gov
Fri Mar 31 05:23:36 AEST 1989


I sent out a message to sun-spots about a bug in chfn that is in SunOS4.0[.1].

I would like to say a bit more about it....

To disable the bug you must not allow users to execute chfn.  This in turn
affects chsh and passwd.  Even if you remove chfn, someone can "ln -s" to
it (ln -s /usr/bin/chsh ~/chfn) and then use chfn normally, or abnormally.

The bug deals with overflowing the getpwent.  I have automated the process
by writing a script that executes chfn and creates a user with an entry
similar to this: aaaaaaaa::0:0:::

I have accomplished the same thing on a Sun386i (as if I expected something
different).  If there are any questions, I'll be more than happy to try
and help.  If you want a copy of the shell script that will prove (beyond
doubt) that this actually works, have root on your system mail me a
message requesting the script and I will send it back to root.  Please
specify a mail path relative to a well-known system (i.e. titan.rice.edu,
ucbvax.berkeley.edu, uunet.uu.net).  Please note that there will be a
disclaimer with the shell script stating that I am not responsible for any
damage to your system from running my shell script.  I am only providing
this script to help you ensure that your system does/does not have the
problem.  I have yet to see a 4.0 system that doesn't.

			-=>gretzky<=-
..mitch
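The post describes the outcome of the chfn overflow as a bogus passwd entry of the shape aaaaaaaa::0:0::: (a UID 0 account with an empty password and empty home and shell fields), and notes that removing chfn does not help because chfn, chsh and passwd are one program that keys off the name it was invoked as. Whether or not a system still has the bug, the check an administrator wants is an audit of the passwd file for entries of that shape. The following is an added example written for this page, not the author's script and not SunOS code; the sample passwd content is constructed for the demonstration, and the GECOS length threshold MAX_GECOS is an assumed value, not a limit taken from the post.

```python
"""Audit /etc/passwd-style text for entries like the one described in the post.

Added example for this page (not the author's script).  SAMPLE_PASSWD is
constructed test data; MAX_GECOS is an assumed threshold, not a SunOS limit.
"""
from typing import Dict, List

# Assumed threshold for a "suspiciously long" GECOS field.  chfn edits GECOS,
# so an overlong value is the field most worth looking at after an overflow.
MAX_GECOS = 128

# Constructed sample.  Line 4 is the entry shape quoted in the post.
SAMPLE_PASSWD = (
    "root:x:0:0:Operator:/:/bin/csh\n"
    "daemon:*:1:1::/:\n"
    "mitch:x:201:20:Mitch Wright:/home/mitch:/bin/csh\n"
    "aaaaaaaa::0:0:::\n"
    "eve:x:202:20:" + "A" * 300 + ":/home/eve:/bin/sh\n"
    "broken:x:203:20:Missing fields\n"
)


def audit_passwd(text: str, max_gecos: int = MAX_GECOS) -> List[Dict]:
    """Return one finding per suspicious line: {'line', 'user', 'reasons'}.

    Reasons, in the order they are checked:
      malformed        - not exactly 7 colon-separated fields
      empty-password   - password field is empty (no password at all)
      non-numeric-uid  - UID field is not a number
      uid-0            - UID 0 on an account other than root
      long-gecos       - GECOS longer than max_gecos characters
      empty-home       - no home directory
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append({"line": lineno, "user": fields[0],
                             "reasons": ["malformed"]})
            continue
        name, pw, uid, gid, gecos, home, shell = fields
        reasons = []
        if pw == "":
            reasons.append("empty-password")
        if not uid.isdigit():
            reasons.append("non-numeric-uid")
        elif uid == "0" and name != "root":
            reasons.append("uid-0")
        if len(gecos) > max_gecos:
            reasons.append("long-gecos")
        if home == "":
            reasons.append("empty-home")
        # An empty shell field historically means /bin/sh, so it is not flagged.
        if reasons:
            findings.append({"line": lineno, "user": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Run against a real file with: audit_passwd(open("/etc/passwd").read())
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"line {f['line']}: {f['user']}: {', '.join(f['reasons'])}")
```

The audit treats any UID 0 account other than root as a finding rather than trying to recognise "legitimate" extra superusers, since that is exactly the entry the overflow creates; on a real system, diff the output against a known-good copy of the file so that deliberate entries are reviewed once rather than every run.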


