Bugtraq mailing list archives
Re: Linux UID/GID 'Feature'
From: morgan () PARC POWER NET (Andrew G. Morgan)
Date: Sun, 11 May 1997 19:33:52 -0700
Jon Lewis wrote:
This looks like Red Hat PAM breakage. I verified it works (gives root) on my Red Hat 4.1 box, but it does not on any of my Slackware based boxes that are shadow upgraded.
As has been pointed out, it is actually a libc problem. The pam_unix_....so modules use libc, so these modules will exhibit this unfortunate behavior. Admins should beware that if libc has a hand in the process of changing a user's password the corresponding UID entry in /etc/passwd will be explicitly reset to 0. Fortunately, pam_pwdb (a plug-in replacement for pam_unix_..), which does not use libc for any authentication related actions, does not suffer from this problem. So Linux-PAM based systems can be made resistant to this "administrative problem" by putting pam_pwdb in all the places that their pam configuration refers to pam_unix_... PS. I'd really like to hear from anyone that _can_ break Linux-PAM in any way... [Use the "source" (Luke ;^)] Cheers Andrew -- Linux-PAM, libpwdb, Orange-Linux and Linux-GSS http://parc.power.net/morgan/index.html
Current thread:
- Linux UID/GID 'Feature' David Phillips (May 10)
- Re: Linux UID/GID 'Feature' Steve \ (May 11)
- Re: Linux UID/GID 'Feature' Ariel Biener (May 11)
- Yet another WinNuke page. Nobody (May 11)
- Re: Linux UID/GID 'Feature' Jim Trocki (May 11)
- Re: Linux UID/GID 'Feature' Jon Lewis (May 11)
- more DoS fun Ghent (May 11)
- Re: Linux UID/GID 'Feature' Andrew G. Morgan (May 11)
- sendmail 8.8.6 Beta release available Jason R Mastaler (May 11)
- New Win95 OOB fix allows Netbios to be used Aaron Weintraub (May 12)
- UPDATE TO OOB FIX Aaron Weintraub (May 12)
- Re: New Win95 OOB fix allows Netbios to be used Ian MacPhedran (May 13)
- UPDATE TO OOB FIX Wojciech Swieboda (May 13)
- Re: ELM overflow security () home bti pl (May 14)
- Re: ELM overflow Michel GAUDET (May 16)
- potential root exploit with help from sam (HP-UX 10.x) David Hyams (May 14)
- Re: potential root exploit with help from sam (HP-UX 10.x) Trevor Schroeder (May 14)
- Sun Security Bulletin #00140 Sun Security Coordination Team (May 14)