Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Implications of recent virus (Trojan Horse) attack
Keywords: virus security
Message-ID: <452@auspex.UUCP>
Date: 15 Nov 88 02:25:43 GMT
References: <1698@cadre.dsl.PITTSBURGH.EDU> <2151@ficc.uu.net> <8845@smoke.BRL.MIL> <14465@mimsy.UUCP> <1723@cadre.dsl.PITTSBURGH.EDU> <445@auspex.UUCP> <1729@cadre.dsl.PITTSBURGH.EDU>
Reply-To: guy@auspex.UUCP (Guy Harris)
Distribution: na
Organization: Auspex Systems, Santa Clara
Lines: 48


 >Excuse ME, but the last four lines of my SunOS 4.0 distribution tape
 >password file are:
 >
 >	+::0:0:::
 >	::0:0:::
 >	::0:0:::
 >	::0:0:::

Ex*cuse* me, but I just looked at the password file on the Sun-3 and Sun-4
1/2" distribution tapes, both on the "root file system" tar file and in
the "Install" optional software component (because it contains the
"prototype" used to install diskless clients).  All of them had

	+:

as the last line in the password file (in fact, I'll bet the password
files were identical).  No blank lines, and certainly no

	::0:0:::

I tried "passwd" with a last line like the one above, and it merely
turned it into

	+::0:0:::

filling in the missing fields; it didn't insert a

	::0:0:::

line.

Now, I can't speak for:

	1) the 1/4" distribution tapes, as we don't have them handy,
	   although I would be *EXTREMELY* surprised if they were any
	   different.

	2) the Sun-2 distribution tapes; see 1)

	3) the Sun386i

but I don't see any indication that the password file, as shipped or set
up by Sun, has any

	::0:0:::

lines in it.