gwyn@brl-smoke.ARPA (Doug Gwyn ) (02/09/86)
> BEWARE: In /etc/passwd blank or otherwise badly formatted lines can > cause *extremely* anomalous behaviour. This is an understatement. Any time a line of /etc/passwd is edited so that it contains the wrong number of fields, subsequent updating (e.g., by the "passwd" command) can produce one or more lines in /etc/passwd of the form ::0:0::: which has the interesting consequence that one can "log in" using a null username, not have to give a password, and end up as superuser. This problem was fixed in the /etc/passwd-reading library routines in UNIX System V, but not in 4.2BSD. I have seen this problem occur several times.