[Prev][Next][Index][Thread]

Re: Shadow Passwording



On Sun, 15 Dec 1996, Alexandre Khalil wrote:

> On Sun, 15 Dec 1996, Biener Ariel wrote:
> >On Sun, 15 Dec 1996, Yaron wrote:
> 
> >> Since some people asked about it over the dinner (which nobody has yet
> >> summerized, I'm proud of you all), I have placed a precompiled version of
> >> the Shadow-Suite (A bit outdated but still works) on anonymous FTP at
> >> ftp://starlight.trendline.co.il/pub/shadow
> 
> >> Also there are binaries for wu-ftpd, xlockmore and XDM, along with the
> >> Shadow-howto. 
> 
> >Umm, if we're talking about password files, and the most critical binaries
> >for login and authentication, I would rather not install any outdated
> >shadow suites. 
> 
>   The shadow suite does not change that often.  Even, shadow-ina-box is 6
> months old. And it takes a very long time to recompile it yourself.
> Especifically if you go and grab the latest-and-greatest pieces one by
> one.
> 
>  shadow-960129.tar.gz   04-Feb-96 00:57   221k
>  shadow-ina-box-1.1.tgz 31-Jul-96 23:10     2M
> 
>   I would have been very happy to have a package available when I needed
> it.
> 
> >By the way, anyone found a way to prevent running strace on programs to
> >see the root password encrypted ???
> >
> >This for example does it nicely:
> >
> >strace ps >&/tmp/out
> >
> >now, when browsing the output...
> >
> >open("/etc/shadow", O_RDONLY)           = 7
> >fstat(7, {st_mode=S_IFREG|0640, st_size=1078, ...}) = 0
> >mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|0x20, 4294967295, 0) =
> >0x400c300
> >0
> >read(7, "root:SBLfvCRM6JzrI:9737:0:99999:"..., 4096) = 1078
> >              ^^^^^^^^^^^^^
> 
>   Using your example and ps from procps version 0.99 [ps --version], I
> get:
> 
> ------------------------------------------------------
> open("/etc/passwd", O_RDONLY)           = 6
> fstat(6, {st_mode=S_IFREG|0644, st_size=8467, ...}) = 0
> mmap(0, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|0x20, 4294967295, 0) =
> 0x4000800
> 0
> read(6, "root:x:0:0:root:/root:/bin/tcsh\n"..., 4096) = 4096
> ------------------------------------------------------
> 
>   And no mention of /etc/shadow, which would have been difficult as the
> ps binary is not suid'ed [ls -l `which ps`] and /etc/shadow has
> restricted access
> 
> -rwxr-xr-x   1 root     bin         35859 May 25  1996 /bin/ps*
> -rw-------   1 root     root         4832 Dec 10 01:02 /etc/shadow

should be -rw-r-----	1 root	  shadow  if you want xdm/xlock to work.

> 
>   You might want to upgrade ps [procps-1.01 is on sunsite in
> system/Status/ps] and make sure it is not suid'ed [and it should not be]. 

I am running procps 1.01
> 
>   This being said; it might be the case that using strace on an suid'ed
> binary such as su might get better results.  Over here [strace su
> >&/tmp/out] yields

strace will not run suid programs, since execvp() wont run suid's , as I
recall.
> 
> strace: exec: Operation not permitted
> 
> alex
> 
weirdly enough, my home Linux has no prob with the strace ps, while my
work one does. SO eithet I have installed two different shadow suites, for
which I should be kicked, or I dunno what...

--Ariel

   +---------------------------------------------------------+
   | Ariel Biener                                            |
   | e-mail: ariel@post.tau.ac.il        Work ph: 03-6406086 |
   +---------------------------------------------------------+


Follow-Ups: References: