Unix security additions

John Tamplin jat at xavax.com
Mon Mar 18 13:09:55 AEST 1991


In article <19099 at rpp386.cactus.org> jfh at rpp386.cactus.org (John F Haugh II) writes:
>>o  Getting the passwords where they can't be publically read
>
>This was done for AIX v2, but has also been done with SVR3.2 and
>BSD.  No one has solved certain problems with transparency - that
>is, making shadowed passwords look and feel like old-style
>publically readable passwords.  This means all the programs that
>used to think pw_passwd was valid are wrong ;-(.  Making matters
>worse, AT&T, BSD, and IBM all fail to converge on a single
>mechanism (and AT&T fails to agree on a single file format for
>there various releases).  So you have a non-standard,
>non-transparent feature ...

I am using a SVR3.2.2 system with shadowed passwords, and the interface
provided is getspent() etc.  After hacking one too many programs to use the
new library calls to get the password, I decided the best way to solve the
problem was to have getpwent() look up pw_passwd in the shadow file iff
euid=root.  This way, programs that are supposed to have access have it in
the same old fashion, and programs that don't get some nonsense password
(either ! or x in the implementations I have seen).

Maybe one of these days I will get around to actually writing this.

-- 
John Tamplin						Xavax
jat at xavax.COM						2104 West Ferry Way
...!uunet!xavax!jat					Huntsville, AL 35801



More information about the Comp.unix.internals mailing list