Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!brutus.cs.uiuc.edu!apple!zorba!dtynan
From: ron@hardees.rutgers.edu (Ron Natalie)
Newsgroups: comp.unix
Subject: Re: Passwd file
Message-ID: <3457@zorba.Tynan.COM>
Date: 10 Sep 89 01:18:09 GMT
References: <3474@altos86.Altos.COM>
Sender: dtynan@zorba.Tynan.COM
Organization: Rutgers Univ., New Brunswick, N.J.
Lines: 10
Approved: dtynan@zorba.Tynan.COM


You put ::0:0:: lines in your password file so that
anyone on the system can do su "" and get a root shell.
Some stupid programs that deal with the password file
make blank lines into those entries.  They should not
be there.  Note, that there is a difference between that
and the similar line with a "+" in it that sun uses for
yellow pages hooking.

-Ron