Re: Possible Issue with Netinfo and Mac OS X

From: Ethan Benson (erbensonat_private)
Date: Mon Sep 03 2001 - 02:33:23 PDT


    On Mon, Sep 03, 2001 at 12:22:50PM +1000, Benjamin Gardiner wrote:
    [snip]
    > 	Anyway to get to the core of the matter, I was looking through the
    > file structure, looking at some of the config files, and such, when I
    > happened to look in /var/backups in var/backups there was one file called:
    > "local.nidump"
    > 
    > This is a file which contains from what I can tell a fair part if not all
    > of the information stored in the netinfo database, including users and
    > passwords.
    > 
    > Here is the information for a user I created for this purpose:
    > 
    >           "_shadow_passwd" = ( "" );
    >           "_writers_passwd" = ( "test" );
    >           "hint" = ( "" );
    >           "uid" = ( "502" );
    >           "_writers_hint" = ( "test" );
    >           "gid" = ( "20" );
    >           "realname" = ( "test" );
    >           "name" = ( "test" );
    >           "passwd" = ( "Fnh1eLU0U6o12" );
    >           "shell" = ( "/bin/tcsh" );
    >           "home" = ( "/Users/test" );
    >           "sharedDir" = ( "Public" );
    > 
    > 
    > The issue is that my user "test" was created without the option to
    > administer the system (by default root isn't enabled in Mac OS X.)  This
    > user though could access and copy and read this file, via a shell and also
    > via ftp (please note again things like ssh and ftp are not started by
    > default they have to be enabled in sharing under system preferences.)
    
    the same information as above can be gained with the command:
    
    nidump passwd . (iirc i don't have any OSX systems around anymore)
    
    which dumps an unshadowed passwd file in pretty much the same format
    as you would find on a GNU/Linux or BSD system. any unprivileged user
    may run this command, nidump is not suid nor sgid so changing its
    permissions will do nothing, contrary to some suggestions to do so.
    (the user may simply grab their own copy from another machine).
    
    -- 
    Ethan Benson
    http://www.alaska.net/~erbenson/
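
An audit check for the exposure discussed in this thread, added here as an example (not code from either poster or from Apple): it parses the `"key" = ( "value" );` property lines shown in the quoted dump, lists accounts whose `passwd` property holds a hash rather than a locked or empty value, and reports them only when the dump file is world-readable. Assumptions: a repeated key marks the start of a new record, hashes are 13-character traditional crypt strings like the one quoted, the function names are hypothetical, and the sample dump is constructed with a placeholder hash.

```python
import os
import re
import stat

# One property line of the dump format quoted above: "key" = ( "value" );
PROP_RE = re.compile(r'"([^"]+)"\s*=\s*\(\s*"([^"]*)"\s*\);')
# Traditional crypt(3) string: 2-character salt + 11-character hash.
DES_CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# Constructed sample (placeholder hash, not a real one).
SAMPLE_DUMP = """
    "uid" = ( "502" );
    "name" = ( "test" );
    "_writers_passwd" = ( "test" );
    "passwd" = ( "abCONSTRUCTED" );
    "shell" = ( "/bin/tcsh" );

    "uid" = ( "70" );
    "name" = ( "svc" );
    "passwd" = ( "*" );
    "shell" = ( "/dev/null" );
"""

def parse_records(dump_text):
    """Group property lines into records (assumption: repeated key = new record)."""
    records, current = [], {}
    for key, value in PROP_RE.findall(dump_text):
        if key in current:
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records

def exposed_accounts(dump_text):
    """Names of accounts whose "passwd" property contains a crypt hash."""
    return [r.get("name", "?") for r in parse_records(dump_text)
            if DES_CRYPT_RE.match(r.get("passwd", ""))]

def world_readable(path):
    """True if the 'other' read bit is set on the file."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

def audit(path):
    """Accounts whose hashes any local user could read from this dump file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        names = exposed_accounts(fh.read())
    return names if world_readable(path) else []

if __name__ == "__main__":
    print(exposed_accounts(SAMPLE_DUMP))
```

As the reply above notes, tightening the mode on the backup file addresses only that copy; the same fields remain available through `nidump`.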
    
    
    


