Path: utzoo!mnetor!uunet!nbires!hao!gatech!stratus!strick
From: strick@stratus.UUCP (henry strickland)
Newsgroups: sci.crypt
Subject: Re: Unix Password Security
Message-ID: <1045@stratus.UUCP>
Date: 24 Feb 88 21:58:32 GMT
References: <7271@brl-smoke.ARPA> <5289@well.UUCP>
Reply-To: strick@gatech.UUCP (henry strickland)
Distribution: na
Organization: the techwood toaster pastry users group
Lines: 32

In article <5289@well.UUCP> pokey@well.UUCP (Jef Poskanzer) writes:
>Ok, one fix would be to keep the encrypted passwords in a non-world-readable
>file, while leaving the rest of /etc/passwd readable so that nothing breaks.
>Doing this would mean adding a small hack to the getpwent routines, and
>recompiling login and passwd.  But if you don't have source, this is a
>problem.

>              Jef Poskanzer   jef@lbl-rtsg.arpa   ...well!pokey


Only a very few programs use the pw_password field from /etc/passwd:

	1)	/???/login
	2)	/bin/su
	3)	/bin/passwd

			(what else?)

Alter these to use another file (perhaps "/etc/Passwd") for passwords,
which is not readable, and have a sed script convert this to 
/etc/passwd, which is readable, but with the pw_passwd field demolished. 

>But if you don't have source, this is a
>problem.

Even with a binary-only site one can poke a "P" over the "p" in the
string where it appears in the binary.   ( For example, I alter an
instruction in /???/login from a "BLE" to a "BRA"
instruction when it only lets 2 people log on a system... )

-- 
Henry Strickland     <strick@gatech.edu>     gatech!strick   404-676-1313