Xref: utzoo comp.unix.questions:9631 comp.bugs.sys5:611
Path: utzoo!attcan!uunet!cos!hqda-ai!jay
From: jay@hqda-ai.ARPA (Jay Hiser)
Newsgroups: comp.unix.questions,comp.bugs.sys5
Subject: Re: Dangers of vi & passwd (Was Re: SVR3 passwd changes mode of passwd file)
Summary: undocumented feature with surprising consequences
Keywords: vi passwd lookout
Message-ID: <13215@hqda-ai.ARPA>
Date: 6 Oct 88 18:47:43 GMT
References: <3394@dunkshot.mips.COM> <1235@cbnews.ATT.COM> <426@fciva.FRANKLIN.COM> <472@stiatl.UUCP> <5687@killer.DALLAS.TX.US>
Reply-To: jay@hqda-ai.ARPA (Jay Heiser)
Organization: CBSI@Washington, D.C.
Lines: 27

Not only is it a really bad idea to edit /etc/passwd without locking
it (normally /etc/ptmp is the lock file), but SysV vi has an interesting
bug/feature that can cause a problem.

CCI, our SysV vendor, has just posted a bulletin warning that vi has
an undocumented feature. "[it was] designed to look for the occurrence
of a line that starts with the string "ei:" and use the characters
following the ei: as editor commands. This is NOT documented."

In other words, if someone on your system has a userid 'ei', unexpected
things will happen if you use vi to edit the password file. The bulletin
only warns about SysV versions of vi (specifically on tahoes and
Power 5/32s). Watch out with the /etc/group & inittab files too.

ONE MORE CONCERN: if you've implemented password aging (I think it's an
excellent idea, SysV does exercise some control over changed passwords,
so it's fairly secure -- it's a good idea for our conditions at least),
users must change their password at login once they've expired. If
you're hacking around in the password file & it's locked, they won't be
able to log in until you're done. Be aware.

Jay Heiser
The Phantom SysAdmin
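
One way to apply both warnings before opening the file, as an added example that is not part of the original post: take the lock atomically and refuse to start the editor if any line begins with `ei:`. Only /etc/passwd, /etc/ptmp and the `ei:` trigger come from the post; the function names, exit codes and the noclobber-based lock creation are assumptions of this example.

```shell
#!/bin/sh
# Added example. Paths are parameters so it can be tried on copies;
# the real files named in the post are /etc/passwd and lock /etc/ptmp.

# Print "N:line" for every line starting with the trigger string "ei:".
# Returns 0 if any were found, 1 otherwise.
find_ei_lines() {
    grep -n '^ei:' "$1"
}

# Create the lock file atomically (noclobber); fails if it already exists.
take_lock() {
    ( set -C; echo "$$" > "$1" ) 2>/dev/null
}

# Lock, refuse if the file would trigger the vi feature, else run the editor.
# Usage: safe_edit FILE LOCKFILE [EDITOR]
# Returns: editor status, 2 if the lock is already held, 3 if an "ei:" line
# is present. The lock is always released, since holding it blocks users
# who must change an expired password at login.
safe_edit() {
    file=$1 lock=$2 editor=${3:-vi}
    take_lock "$lock" || { echo "locked: $lock exists" >&2; return 2; }
    if find_ei_lines "$file" >&2; then
        echo "refusing: $file has a line starting with ei:" >&2
        rm -f "$lock"
        return 3
    fi
    "$editor" "$file"
    rc=$?
    rm -f "$lock"
    return $rc
}
```

The same check applies unchanged to the /etc/group and inittab files the post mentions, e.g. `find_ei_lines /etc/group`.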