Bugtraq mailing list archives
Re: Digital Unix 4 protected password database.
From: johnson () ISN DAC NEU EDU (Chris Johnson)
Date: Tue, 9 Mar 1999 14:52:55 -0500
On Tue, 9 Mar 1999, James Clement wrote:
Greetings, Due to the recent outpouring of DU buffer overflows I thought the following might be of interest. With the Enhanced Security package running, authentication info is stored in individual files according to username. In this case /tcb/files/auth/r/root for root and so on. I am not aware of any built in method for creating the equivalent of your everyday unix /etc/shadow file. As a result it is probable that many DU systems have not weeded out poor choices for passwords through the use of a program such as Crack since each encrypt is stored in a separate file. Though trivial once root is compromised, a would be attacker might have an easy time obtaining passwords because of this "feature". The program below outputs a crackable shadow file. Regards, James Clement
It WAS primarily stored this way. Recent versions however normally store everything in a DBM style file called auth.db unless you force it otherwise or already are using the separate file approach. And as noted, you do need root to run the program. But if you are root you don't really need it. A simple Perl script or even simpler shell script will do. Normally the /tcb/files/ tree is owned by auth.auth and not world readable. But, um, if you're root all bets are off anyway. You don't actually need the passwords. Besides, there are uses for the separate file approach. ------------------------------------------------------------------------------ Chris Johnson |Internet: johnson () isn dac neu edu Assistant Director, Systems |Web: http://www.dac.neu.edu/dac/c.johnson Division of Academic Computing |Voice: 617.373.3300 Northeastern University, 39 RI |FAX: 617.373.8600 360 Huntington Ave. |If ignorance is bliss, why aren't there more Boston, MA., U.S.A. 02115 |happy people? Tea bag tag ------------------------------------------------------------------------------
Current thread:
- Re: More Internet Explorer zone confusion Oliver Lineham (Mar 08)
- <Possible follow-ups>
- Re: More Internet Explorer zone confusion iversen (Mar 08)
- WinFreez.c Delmore (Mar 05)
- The FPSC-IRCD.txt advisory syg FPSC (Mar 07)
- Digital Unix 4 protected password database. James Clement (Mar 08)
- Re: Digital Unix 4 protected password database. Chris Johnson (Mar 09)
- Re: Digital Unix 4 protected password database. Jon Morgan (Mar 10)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 10)
- Re: Digital Unix 4 protected password database. Keith Piepho (Mar 10)
- Re: Digital Unix 4 protected password database. Solar Designer (Mar 13)
- Default password in Bay Networks switches. Jan B. Koum (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)
- Re: Default password in Bay Networks switches. Igor Sviridov (Mar 11)
- Re: Default password in Bay Networks switches. Rolf Obrecht (Mar 12)
- Re: The FPSC-IRCD.txt advisory Bjarni R. Einarsson (Mar 09)