Path: utzoo!attcan!telly!lethe!yunexus!ists!helios.physics.utoronto.ca!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!decwrl!ucbvax!ORCHESTRA.ECN.PURDUE.EDU!moyman
From: moyman@ORCHESTRA.ECN.PURDUE.EDU (James M Moya)
Newsgroups: comp.protocols.appletalk
Subject: aufs security warning/fix
Message-ID: <9009072101.AA15458@orchestra.ecn.purdue.edu>
Date: 7 Sep 90 21:01:38 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 33

Much to my dismay, if you have any UNIX accounts with nothing in the
/etc/passwd "password" field, you can "connect" to that account through
aufs (just use the login of that account in the chooser when "aufs
connecting", and hit return) voila! full access!! ...This can cause
potential (let your imagination run here) damage.

Here is a quick aufs fix I put in that should do the job...

In afpos.c:

>> break;
>> case UAM_CLEAR:
>> if (!apasswdfile) {
>> p = (struct passwd *) getpwnam(nam); /* user name */
>> if (p == NILPWD) {
>> log("Login: Unknown user %s",nam);
>> return(aeParamErr); /* unknown user */
>> }
**** if (*p->pw_passwd == NULL) {
**** log("Unauthorized access: you can NOT connect to this account.");
**** return(aeUserNotAuth);
**** }
>> if (strcmp(crypt(pwd,p->pw_passwd),p->pw_passwd) != 0) {
>> log("Login: Incorrect password for user %s",nam);
>> if (!safedebug)
>> return(aeUserNotAuth);
>> }
>> } else {

Mike Moya
Engineering Computer Network
Purdue University
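
Review bot: In the added `if (*p->pw_passwd == NULL)` test, the left side is a `char` and `NULL` is a pointer constant, so it only compiles and behaves as intended where `NULL` expands to a plain 0; write `if (*p->pw_passwd == '\0')` to say what is meant on every compiler. The new `log(...)` call also drops the account name that the neighbouring calls record with `%s",nam`, so the log cannot show which empty-password account was tried; a message such as `log("Login: empty password field for user %s, access refused",nam);` would match the surrounding entries. The check sits only in the `!apasswdfile` branch of `case UAM_CLEAR`, so the `else` branch and any other login methods, which are not shown here, need checking for the same gap.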