Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!uflorida!cypress.cis.ufl.edu!bb
From: bb@cypress.cis.ufl.edu (Brian Bartholomew)
Newsgroups: comp.sys.hp
Subject: Re: ARPA Services Problems on 7.0
Summary: Gratuitous change in /etc/group semantics?
Keywords: Different New Misleading
Message-ID: <23703@uflorida.cis.ufl.EDU>
Date: 28 Jun 90 06:34:47 GMT
References: <UaU1mcC00WB88BGKNs@andrew.cmu.edu> <5570437@hpfcdc.HP.COM>
Sender: news@uflorida.cis.ufl.EDU
Reply-To: bb@beach.cis.ufl.edu (Brian Bartholomew)
Distribution: usa
Organization: UF CIS Department
Lines: 18

In article <5570437@hpfcdc.HP.COM> rml@hpfcdc.HP.COM (Bob Lenk) writes:
>As such, a null password in the group file is not a security hole.  It is
>equivalent to a star, except that a star will cause newgrp to prompt
>the user for a password when it will never match.

I tried this, and found out that you are correct.  I am glad to see that
such a gaping hole was not overlooked.  Now, my next question, is why
was this behavior changed?  To my (limited) knowledge, these semantics
are different from both Sys V and BSD derivative systems that I have
used.  Was there a reason for this change, or was it gratuitous?

I DO hope these changes were made in setgid(2), rather than in newgrp(1).

--
"Any sufficiently advanced technology is indistinguishable from a rigged demo."
-------------------------------------------------------------------------------
Brian Bartholomew	UUCP:       ...gatech!uflorida!beach.cis.ufl.edu!bb
University of Florida	Internet:   bb@beach.cis.ufl.edu