Path: utzoo!attcan!uunet!snorkelwacker!usc!cs.utexas.edu!rice!sun-spots-request
From: leadley@uhura.cc.rochester.edu (Scott Leadley)
Newsgroups: comp.sys.sun
Subject: Design error in Sun shadow password system
Keywords: Software
Message-ID: <10118@brazos.Rice.edu>
Date: 20 Jul 90 15:58:44 GMT
Sender: root@rice.edu
Organization: Sun-Spots
Lines: 18
Approved: Sun-Spots@rice.edu
X-Sun-Spots-Digest: Volume 9, Issue 273, message 9
Originator: spots@titan.rice.edu

There is no locking mechanism for /etc/security/passwd.adjunct. This
leaves open the possibility of two (or more) people editing the file
simultaneously. Also, using vipw does not block password updates (it
should give the message "passwd: password file busy - try again.") and
leaves open another avenue for simultaneous updates.

This is in addition to some substantial implementation errors (in 4.0.3):

- passwd doesn't use the ##tag as the index into the passwd.adjunct file,
  but uses the username instead.
- the "secure" designation in /etc/ttytab is ignored when booting and
  shutting down. The root password is always requested.

If Sun is serious about their C2 security, these problems should be fixed
ASAP.

Scott Leadley - leadley@cc.rochester.edu
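
The locking the post says is missing can be done with a conventional lock file: an exclusive create that either succeeds or reports the file busy. The C code below is an added example, not part of the original post and not Sun's code; the lock path and the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Constructed demo path (assumption); a real tool would keep a fixed lock
 * file beside the protected file. */
#define DEMO_LOCK "/tmp/passwd.adjunct.demo.lock"

/* Returns 0 if the lock was taken, 1 if another editor holds it, -1 on any
 * other error. O_CREAT|O_EXCL makes check-and-create a single atomic step,
 * so two processes can never both succeed. */
int adjunct_lock(const char *lockpath) {
    int fd = open(lockpath, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno == EEXIST ? 1 : -1;
    /* Record the holder's pid so an administrator can trace a stale lock. */
    char buf[32];
    int n = snprintf(buf, sizeof buf, "%ld\n", (long)getpid());
    int ok = write(fd, buf, (size_t)n) == n;
    close(fd);
    if (!ok)
        unlink(lockpath);
    return ok ? 0 : -1;
}

/* Releases the lock taken by adjunct_lock(); returns 0 on success. */
int adjunct_unlock(const char *lockpath) { return unlink(lockpath); }

/* Simulates two editors. The second must be refused while the first holds
 * the lock and must succeed after release. The three results are packed as
 * first*100 + second*10 + third, so the correct outcome is 0,1,0 = 10. */
int demo_two_editors(void) {
    unlink(DEMO_LOCK);                      /* start from a clean state */
    int first = adjunct_lock(DEMO_LOCK);    /* editor A takes the lock */
    int second = adjunct_lock(DEMO_LOCK);   /* editor B is refused */
    if (second == 1)
        fprintf(stderr, "passwd: password file busy - try again.\n");
    adjunct_unlock(DEMO_LOCK);
    int third = adjunct_lock(DEMO_LOCK);    /* editor B retries and succeeds */
    adjunct_unlock(DEMO_LOCK);
    return first * 100 + second * 10 + third;
}

int main(void) { return demo_two_editors() == 10 ? 0 : 1; }
```

Exclusive create is not reliable on some older NFS implementations, so the lock file belongs on a local filesystem, and every tool that writes the protected file has to take the same lock.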