Path: utzoo!utgpu!watserv1!watmath!att!bellcore!rutgers!tut.cis.ohio-state.edu!zaphod.mps.ohio-state.edu!usc!snorkelwacker!spdcc!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: abolishing /etc/passwd (was Re: anonymous ftp, and the dangers thereof)
Message-ID: <404@minya.UUCP>
Date: 12 Jun 90 03:10:21 GMT
References: <9006060704.AA02343@WLV.IMSD.CONTEL.COM> <37166@think.Think.COM>
Lines: 44

In article <37166@think.Think.COM>, barmar@think.com (Barry Margolin) writes:
> In article <9006060704.AA02343@WLV.IMSD.CONTEL.COM> sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz) writes:
> >just a "thought" - if the (shadow)file is non-world readable and the
> >system is administered "correctly" then why bother with
> >encryption at all ;-)
>
> I'm not sure how non-serious that smiley represents. The serious answer is
> that even system administrators should not be able to find out a user's
> password. Sure, they don't need to know the user's password to violate the
> user's files. But if they know someone's password then they could
> accidentally (or through coercion) divulge it to someone else.

Some years back, I saw an enlightening instance of all of the above. The participants shall remain nameless; the OS was Univac's EXEC8 on the 1108, for which every file had both a read and a write password. The system stored these internally in an unencrypted form, and one of the local games was to try to find holes in the system that let one access them. One of the holes was intentional: there was a system utility that would list files and their passwords, so that an administrator could delete files.

One administrator was rather unpopular with users; and one day he got a bunch of guys in the EE and physics departments especially mad at him, so they changed their files to have a read password that was a well-known sexual verb starting with 'f', and a write password that was his name. They took no further action.
At the next campus-wide users-group meeting, he got into a dispute with some of them, and in the heat of the moment, he made some rather disparaging remarks about the nature of people who would use obscene insults about him as their passwords. They didn't respond. The next day, they all wrote letters to his superiors complaining about the fact that he had, in a public meeting, made statements that enabled listeners to guess the passwords on their files. It was perhaps just a coincidence, but in very short order he no longer worked there.

Myself, I was satisfied with finding one way to do raw disk I/O that showed a few such passwords, then I went on to more interesting work.

-- 
Uucp: ...!{harvard.edu,ima.com,mit-eddie.edu}!minya!jc (John Chambers)
Home: 1-617-484-6393
Work: 1-508-952-3274
Cute-Saying: It's never too late to have a happy childhood.
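The point Barry Margolin makes in the quoted reply, and the EXEC8 story illustrates, is that a password store should be one-way even when only administrators can read it: a listing utility or raw disk read of a plaintext store hands the administrator the secret itself, while a salted hash lets the system verify a login without anyone being able to recover the password. The following is an added illustration written for this page, not code from the post, from Univac, or from any Unix shadow-password implementation. It contrasts a constructed plaintext store of the EXEC8 kind with a salted PBKDF2 store built from Python's standard library; the user name and password values are constructed samples.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample of an EXEC8-style store: passwords held in the clear.
# Anyone who can read the store (a listing utility, raw disk I/O, a backup)
# learns the passwords themselves, not just whether a login is valid.
PLAINTEXT_STORE = {
    "physics01": {"read_pw": "hunter2", "write_pw": "admin_name"},
}


def plaintext_dump(store: dict) -> dict:
    """The administrative listing from the story: every secret comes back verbatim."""
    return {name: dict(rec) for name, rec in store.items()}


# Hardened form: a per-record random salt and a slow one-way derivation.
# PBKDF2-HMAC-SHA256 is used only because it ships with the standard library;
# the iteration count is a constructed value, not a recommendation.
ITERATIONS = 200_000


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """Derive a verifier for `password`; the password itself is never stored."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive from the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def leaks_password(record: dict, password: str) -> bool:
    """True if a reader of the record could lift the password straight out of it."""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    rec = make_record("hunter2")
    print("plaintext store exposes secret:", leaks_password(PLAINTEXT_STORE["physics01"], "hunter2"))
    print("hashed store exposes secret:   ", leaks_password(rec, "hunter2"))
    print("login with correct password:   ", verify(rec, "hunter2"))
    print("login with wrong password:     ", verify(rec, "hunter3"))
```

Two records for the same password get different salts and therefore different hashes, so a reader of the store cannot even tell that two users chose the same password, let alone what it was. That is the property the quoted reply is after: the administrator can still delete or tamper with files, but cannot be coerced into divulging, or accidentally let slip, a password they never had.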