[Prev][Next][Index][Thread]
Re: Shadow Passwording
On Sun, 15 Dec 1996, Alexandre Khalil wrote:
> On Sun, 15 Dec 1996, Biener Ariel wrote:
> >On Sun, 15 Dec 1996, Yaron wrote:
>
> >> Since some people asked about it over the dinner (which nobody has yet
> >> summerized, I'm proud of you all), I have placed a precompiled version of
> >> the Shadow-Suite (A bit outdated but still works) on anonymous FTP at
> >> ftp://starlight.trendline.co.il/pub/shadow
>
> >> Also there are binaries for wu-ftpd, xlockmore and XDM, along with the
> >> Shadow-howto.
>
> >Umm, if we're talking about password files, and the most critical binaries
> >for login and authentication, I would rather not install any outdated
> >shadow suites.
>
> The shadow suite does not change that often. Even, shadow-ina-box is 6
> months old. And it takes a very long time to recompile it yourself.
> Especifically if you go and grab the latest-and-greatest pieces one by
> one.
>
> shadow-960129.tar.gz 04-Feb-96 00:57 221k
> shadow-ina-box-1.1.tgz 31-Jul-96 23:10 2M
>
> I would have been very happy to have a package available when I needed
> it.
>
> >By the way, anyone found a way to prevent running strace on programs to
> >see the root password encrypted ???
> >
> >This for example does it nicely:
> >
> >strace ps >&/tmp/out
> >
> >now, when browsing the output...
> >
> >open("/etc/shadow", O_RDONLY) = 7
> >fstat(7, {st_mode=S_IFREG|0640, st_size=1078, ...}) = 0
> >mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|0x20, 4294967295, 0) =
> >0x400c300
> >0
> >read(7, "root:SBLfvCRM6JzrI:9737:0:99999:"..., 4096) = 1078
> > ^^^^^^^^^^^^^
>
> Using your example and ps from procps version 0.99 [ps --version], I
> get:
>
> ------------------------------------------------------
> open("/etc/passwd", O_RDONLY) = 6
> fstat(6, {st_mode=S_IFREG|0644, st_size=8467, ...}) = 0
> mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|0x20, 4294967295, 0) =
> 0x4000800
> 0
> read(6, "root:x:0:0:root:/root:/bin/tcsh\n"..., 4096) = 4096
> ------------------------------------------------------
>
> And no mention of /etc/shadow, which would have been difficult as the
> ps binary is not suid'ed [ls -l `which ps`] and /etc/shadow has
> restricted access
>
> -rwxr-xr-x 1 root bin 35859 May 25 1996 /bin/ps*
> -rw------- 1 root root 4832 Dec 10 01:02 /etc/shadow
should be -rw-r----- 1 root shadow if you want xdm/xlock to work.
>
> You might want to upgrade ps [procps-1.01 is on sunsite in
> system/Status/ps] and make sure it is not suid'ed [and it should not be].
I am running procps 1.01
>
> This being said; it might be the case that using strace on an suid'ed
> binary such as su might get better results. Over here [strace su
> >&/tmp/out] yields
strace will not run suid programs, since execvp() wont run suid's , as I
recall.
>
> strace: exec: Operation not permitted
>
> alex
>
weirdly enough, my home Linux has no prob with the strace ps, while my
work one does. SO eithet I have installed two different shadow suites, for
which I should be kicked, or I dunno what...
--Ariel
+---------------------------------------------------------+
| Ariel Biener |
| e-mail: ariel@post.tau.ac.il Work ph: 03-6406086 |
+---------------------------------------------------------+
Follow-Ups:
References: