Do not use blank lines in /etc/passwd
Don Steiny
steiny at scc.UUCP
Wed Oct 22 05:02:33 AEST 1986
In article <2837 at rsch.WISC.EDU>, mcvoy at rsch.WISC.EDU (Lawrence W. McVoy) writes:
> > use nearly-blank lines like
> >
> >x:*:0:0: ::
>
> Umm, could be sort of a security hole in itself: if anyone can make a
> a match to the "*" you have let them enter the system as root (uid==0).
I am sure many people will point this out, but '*' represents
the ENCRYPTIFIED password, which must have a two character key and thus
be at least 3 characters. There is no possiblity of '*' ever being
a password.
--
scc!steiny
Don Steiny @ Don Steiny Software
109 Torrey Pine Terrace
Santa Cruz, Calif. 95060
(408) 425-0382
More information about the Comp.unix.wizards
mailing list