[olug] Scripting

Brian Roberson brian at bstc.net
Sat Nov 18 17:34:32 UTC 2000

---- Original Message -----
From: "Mark A. Martin" <mmartin at amath.washington.edu>
To: <olug at bstc.net>
Sent: Saturday, November 18, 2000 8:20 AM
Subject: Re: [olug] Scripting

> I'm not at all trying to dis Brian but there are a few security problems
> in what he outlined that you should be aware of.  He indicated one of
> them in his comments.  I'd like to point them out and suggest ways of
> fixing them.
Easy hoss ;-)

> As Brian suggests in his comment, you need to come up with a scheme to
> introduce randomness in your passwords.  As he implies, you should not
> use the date to do this, as he does in his example.  The date is easily
> guessed, which could lead to someone cracking your passwords.  (The
> possibility of cracking is greatly magnified because you are generating
> so many passwords.)  A better approach is to use the checksum of the
> output from rapidly varying system information such as the output of ps,
> which a cracker on the outside would not have access to and which a
> local user would have trouble capturing at the same moment that you're
> using it.  There is an example of this on pp 223-4 of the 2nd edition of
> "Programming Perl" in the discussion of the srand function.  (Sorry, I
> haven't been able to afford the 3rd edition yet.)  The documentation for
> srand in the perlfunc section of the HTML version of the perl manual
> contains the same discussion.  The perl manual is probably on your
> system under /usr/doc.  (The relevant page is located at
> /usr/doc/perl-5.00503/manual/pod/perlfunc/srand.html on my system.)

subst((rand) 0, 4);
..... much better example

> Another security problem with Brian's example is that it doesn't set
> permissions on the new password file and builds the new file in /tmp,
> which is world writable.  Someone with an account on your system who

Wrong, I have never seen a *NIX distribution with a umask set to 000
(unless someone explicitly sets it that way). That said, normally if you are
root, the umask is set to 022, making it group/world readable only.

> wanted to gain access to other accounts could possibly
> i) get a copy of all or part of the new password file between the times when
>    the script begins building the file in /tmp and moves it to /etc/passwd
> or
> ii) replace /tmp/newpasswd with their own version of the passwd file after
>     the new version is written and before it is moved

The deal is that if the password file is shadowed, the root password is not
in the passwd file so there WON'T be a password in the new temporary password

> depending on the file creation mode mask of the parent shell running the
> script.  Either one of these may take a few tries with a script but they
> are fairly easily done.  It only takes retrieving a portion of the
> password file to compromise your system.  To prevent this, you may want
> to set permissions on /tmp/newpasswd so that only the user of the script
> can read or write to the file or create the new password file in a
> directory that other users on the system cannot access.  If /etc/passwd
> is world readable, as it is on most systems, someone could also copy the
> password file before it is shadowed.  So, you may want to make sure that
> /etc/passwd is not world readable.  (Of course, this could cause
> conniptions in other programs on your system that use /etc/passwd, if
> there are any.)

WRONG!!! BAD!!!!
/etc/passwd must ALWAYS be world readable, with or without shadowed
passwords. The file that should not be world readable if you ARE using
shadowed passwords is /etc/shadow.
If /etc/passwd is not world readable, you will BREAK a lot of stuff!!

Just as a side note.... when I wrote the original reply, I was heavily
intoxicated, so don't take everything in it literally. I thought I put a
similar disclaimer in the original post.
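
An added example, not part of the original thread or either poster's script: the two fixes discussed above in POSIX shell, with passwords drawn from /dev/urandom instead of the date, and the new file created by mktemp in the destination directory (mode 0600 whatever the umask) and then renamed into place. The function names, user names and scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constructed names, scratch directory only; /etc is never touched.

# gen_password BYTES: hex from the kernel CSPRNG, not the date or a seeded rand().
gen_password() {
    od -An -tx1 -N "${1:-12}" /dev/urandom | tr -d ' \n'
}

# install_private TARGET: write stdin to TARGET with no readable or
# replaceable intermediate file.
install_private() {
    target=$1
    # mktemp creates the file exclusively, mode 0600, with an unpredictable
    # name, whatever the caller's umask is. It sits in the destination
    # directory, not /tmp, so the final mv is an atomic rename.
    tmp=$(mktemp "$(dirname "$target")/.new.XXXXXX") || return 1
    if cat > "$tmp" && mv -f "$tmp" "$target"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# build_list OUTFILE USER...: one "user:password" line per user.
build_list() {
    out=$1
    shift
    for u in "$@"; do
        # printf is a shell builtin, so the password never shows up in ps output.
        printf '%s:%s\n' "$u" "$(gen_password 12)"
    done | install_private "$out"
}

# file_mode FILE: octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Demo on a scratch directory with constructed user names.
demo_dir=$(mktemp -d)
build_list "$demo_dir/newlist" alice bob carol
echo "mode of new file: $(file_mode "$demo_dir/newlist")"
rm -rf "$demo_dir"
```

With a umask of 022, a plain `> file` redirect in the same directory comes out mode 644, which is the exposure window the thread argues about.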


