Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Implications of recent virus (Trojan Horse) attack
Keywords: virus security
Message-ID: <445@auspex.UUCP>
Date: 12 Nov 88 21:25:20 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2151@ficc.uu.net> <8845@smoke.BRL.MIL> <14465@mimsy.UUCP> <1723@cadre.dsl.PITTSBURGH.EDU>
Reply-To: guy@auspex.UUCP (Guy Harris)
Distribution: na
Organization: Auspex Systems, Santa Clara
Lines: 22

>Or, to keep someone else from doing this, remove lines like:
>
>::0:0::
>
>from your password file. Most Sun systems have this as a default
>(stupid!).

Excuse me, but to what are you referring?  Most Sun systems have a line
like

	+::0:0:::

as a default, but this is INequivalent to

	::0:0::

Lines of the latter sort are generated by the scenario Doug Gwyn
described; the problem is that "getpwent" doesn't, in some systems,
check that the login name field is non-null before returning a value. 
(S5R3's version checks, but unfortunately returns NULL rather than
skipping the invalid entry, which causes programs to think a blank line
in "/etc/passwd" is really the end of the file.)