Bugtraq mailing list archives

Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994

From: casper () fwi uva nl (Casper Dik)
Date: Fri, 13 May 94 18:23:53 +0200

Since SUNs come with a yppasswd program which is also suid'ed (and is
bit for bit identical to passwd -- chfn, chsh, ypchfn, ypchsh are all
links to passwd, but yppasswd is a separate copy.), it needs to be
updated also (seems to not have the -F switch, but do
       ln -s /bin/yppasswd /tmp/passwd
       /tmp/passwd -F
and you are back where you started from.)


For those sites with a user population that exists in NIS
maps exclusively, a simple chmod u-s /bin/passwd suffices.
We have no users with valid passwords in /etc/passwd, except for root,
in /etc/passwd.  We've run /bin/passwd w/o set-uid for some time, works
ok.

Casper

Current thread:

Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Howie Kaye (May 13)
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Casper Dik (May 13)
- trojans on ftp sites Christopher Klaus (May 13)
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 John Hawkinson (May 13)
- <Possible follow-ups>
- Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Gene Spafford (May 15)