gretzky@unison.larc.nasa.gov (Mitch Wright - X47469) (03/31/89)
I sent out a message to sun-spots about a bug in chfn that is in SunOS4.0[.1]. I would like to say a bit more about it....

To disable the bug you must not allow users to execute chfn. This in turn affects chsh and passwd. Even if you remove chfn, someone can "ln -s" to it (ln -s /usr/bin/chsh ~/chfn) and then use chfn normally, or abnormally.

The bug deals with overflowing the getpwent. I have automated the process by writing a script that executes chfn and creates a user with an entry similar to this:

    aaaaaaaa::0:0:::

I have accomplished the same thing on a Sun386i (as if I expected something different).

If there are any questions, I'll be more than happy to try and help. If you want a copy of the shell script that will prove (beyond doubt) that this actually works, have root on your system mail me a message requesting the script and I will send it back to root. Please specify a mail path relative to a well-known system (i.e. titan.rice.edu, ucbvax.berkeley.edu, uunet.uu.net).

Please note that there will be a disclaimer with the shell script stating that I am not responsible for any damage to your system from running my shell script. I am only providing this script to help you ensure that your system does/does not have the problem. I have yet to see a 4.0 system that doesn't.

-=>gretzky<=-
..mitch
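Added example, not part of the original post and not the author's script: a defensive check that scans passwd-format text for the kind of entry the post describes (an account other than root with UID 0 and an empty password field) and for overlong lines. The sample data, the 512-character threshold, the allowed-UID-0 policy and the function name audit_passwd are assumptions made for illustration.

```python
# Added example: audit passwd-format text for entries like the one in the post.
# SAMPLE_PASSWD is constructed; only "aaaaaaaa::0:0:::" is quoted from the post.
SAMPLE_PASSWD = (
    "root:x:0:0:Operator:/:/bin/csh\n"
    "daemon:*:1:1::/:\n"
    "alice:x:1001:20:Alice Example:/home/alice:/bin/csh\n"
    "aaaaaaaa::0:0:::\n"
    "longgecos:x:1002:20:" + "A" * 600 + ":/home/longgecos:/bin/csh\n"
)

MAX_LINE = 512           # assumed review threshold, not a documented SunOS limit
ALLOWED_UID0 = {"root"}  # assumed site policy: only root may hold UID 0


def audit_passwd(text, max_line=MAX_LINE, allowed_uid0=ALLOWED_UID0):
    """Return a list of (line_number, login, reason) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line[0] in "+-":
            continue  # skip blank lines and NIS/YP include or exclude markers
        fields = line.split(":")
        login = fields[0]
        if len(line) > max_line:
            findings.append((lineno, login, "overlong line"))
        if len(fields) != 7:
            findings.append((lineno, login, "malformed entry"))
            continue
        passwd, uid = fields[1], fields[2]
        if passwd == "":
            findings.append((lineno, login, "empty password field"))
        if not uid.isdigit():
            findings.append((lineno, login, "non-numeric UID"))
        elif int(uid) == 0 and login not in allowed_uid0:
            # int() also catches spellings such as "00"
            findings.append((lineno, login, "UID 0 account other than root"))
    return findings


if __name__ == "__main__":
    for lineno, login, reason in audit_passwd(SAMPLE_PASSWD):
        print("line %d: %s: %s" % (lineno, login, reason))
```

To check a real file, pass its contents to audit_passwd, for example audit_passwd(open("/etc/passwd").read()).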