Re: Digital Unix 4 protected password database.

From: Chris Johnson (johnsonat_private)
Date: Tue Mar 09 1999 - 11:52:55 PST


    On Tue, 9 Mar 1999, James Clement wrote:
    
    > Greetings,
    >      Due to the recent outpouring of DU buffer overflows I thought the
    > following might be of interest. With the Enhanced Security package
    > running, authentication info is stored in individual files according to
    > username. In this case /tcb/files/auth/r/root for root and so on. I am not
    > aware of any built-in method for creating the equivalent of your everyday
    > unix /etc/shadow file. As a result it is probable that many DU systems
    > have not weeded out poor choices for passwords through the use of a
    > program such as Crack since each encrypt is stored in a separate file.
    >      Though trivial once root is compromised, a would-be attacker might
    > have an easy time obtaining passwords because of this "feature". The
    > program below outputs a crackable shadow file.
    >
    >
    >  Regards,
    >   James Clement
    >
    >
    >
    
         It WAS primarily stored this way.  Recent versions however
    normally store everything in a DBM style file called auth.db unless you
    force it otherwise or already are using the separate file approach.
    
         And as noted, you do need root to run the program.  But if you
    are root you don't really need it.  A simple Perl script or even
    simpler shell script will do.  Normally the /tcb/files/ tree is owned
    by auth.auth and not world readable.  But, um, if you're root all bets
    are off anyway.  You don't actually need the passwords.
    
         Besides, there are uses for the separate file approach.
    
    ------------------------------------------------------------------------------
    Chris Johnson                  |Internet: johnsonat_private
    Assistant Director, Systems    |Web:      http://www.dac.neu.edu/dac/c.johnson
    Division of Academic Computing |Voice:    617.373.3300
    Northeastern University, 39 RI |FAX:      617.373.8600
    360 Huntington Ave.            |If ignorance is bliss, why aren't there more
    Boston, MA., U.S.A.  02115     |happy people?    Tea bag tag
    ------------------------------------------------------------------------------
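
The reply above says the /tcb/files/ tree is normally owned by auth.auth and not world readable. As an added example (not code from either poster or from Digital Unix), this shell function checks that a tree still matches that state; the function name `audit_tcb` and the finding labels are made up for illustration, and the expected owner and group are passed as arguments rather than assumed.

```shell
#!/bin/sh
# audit_tcb DIR OWNER GROUP  (hypothetical helper, added example)
# Prints one "finding<TAB>path" line for every entry under DIR that is
# readable or writable by "other", or not owned by OWNER:GROUP.
# Returns 0 if the tree is clean, 1 if there are findings, 2 if DIR is unusable.
audit_tcb() {
    dir=$1; owner=$2; group=$3
    if [ ! -d "$dir" ]; then
        echo "audit_tcb: $dir: not a directory" >&2
        return 2
    fi
    findings=$(
        # Symlinks always show mode 777, so skip them in the mode checks.
        find "$dir" ! -type l -perm -004 -exec printf 'world-readable\t%s\n' {} \;
        find "$dir" ! -type l -perm -002 -exec printf 'world-writable\t%s\n' {} \;
        find "$dir" ! -user "$owner" -exec printf 'wrong-owner\t%s\n' {} \;
        find "$dir" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example invocation on the layout named in the thread:
#   sh audit_tcb.sh /tcb/files auth auth
if [ "$#" -gt 0 ]; then
    audit_tcb "$@"
fi
```

The check covers only the per-user file tree; the thread does not give the location of auth.db, so that file would need the same check pointed at wherever it lives on the system.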
    


