> Excuse me, but I was under the impression that the passwd file *has* to be
> readable to the world in order for certain programs to access information
> (e.g., finger, login, sendmail, etc.). Just wondering how you circumvent
> the laws of Unix.
You're quite correct.
> Also, I suppose password shadowing can be defeated by calls to getpwent().
Only on a seriously broken system. Linux gets around this by
requiring the use of getspwent(), and BSD gets around it by not having
getpwent() return the password in the passwd struct if you're not
privileged to read the spwd.db or master.passwd files.
> Read the alt.2600/#hack FAQ for more information. Also use archie or some
> other ftp searcher for "unshad.c". Compile and run, it is supposed to
unshad.c took advantage of a very, very historically corrected bug.
Run it if you wish to have visual confirmation of the fact that it's
corrected, but I'd be relatively surprised if you could make it work on
almost any modern system.
> display the shadowed file. It doesn't work on certain systems, don't ask
^certain^most
> me why, I am just happy it doesn't crack ours. There are probably a
> multitude of other ways, of course, which is a good reason to keep an eye
> on alt.security.unix.
Sure. Hack root on the system. Find a misconfigured system. Etc.
It's worth noting that your news server could use a nice sendmail upgrade.
:) (sorry). Almost all passwd interface libraries depend on the access
permissions of the process running them - there's no risk of an
unprivileged process getting access to the data unless some dork left a
file world readable.
-Dave Andersen
-- angio@aros.net Complete virtual hosting and business-oriented system administration Internet services. (WWW, FTP, email) http://www.aros.net/ http://www.aros.net/about/virtual "There are only two industries that refer to their customers as 'users'."