[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: chpass/passwd/su/user questions

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: chpass/passwd/su/user questions
From: tdemarti <tdemarti_(_at_)_usc_(_dot_)_edu>
Date: Sun, 8 Oct 2000 14:22:45 -0700 (PDT)

On Sun, 8 Oct 2000, joshua stein wrote:

> tdemarti wrote:
> > Do I also have to chmod u-s /usr/bin/passwd to plug up this security
> > hole?  It seems to be the same binary as the ch* utilities, but it isn't
> > hard-linked to it along with the rest of them?
> 
> apply the patch to fix the security hole.  the suggestion to remove the
> sticky bit was meant to be a temporary fix until you applied the patch
> and recompiled it.

Yeah, I know.  I don't have the source tree installed though due to disk
space limitations and I've never recompiled the kernel or system utilities
yet, so it'll take me some time to figure out and I think I'll wait till I
get a new disk in three months, so I want to plug it up as best I can
now.  But I don't want to disable the users from being able to change
their passwords if I don't need to.  So do I need to?  Or do I just need
to remote the setuser bit from chpass but not passwd?

> <other answers>

Thanks, those all worked/helped.

Thanks,
Thomas.

References:
- Re: chpass/passwd/su/user questions
  - From: joshua stein

Prev by Date: Re: chpass/passwd/su/user questions
Next by Date: Re: OOPS!!
Previous by thread: Re: chpass/passwd/su/user questions
Next by thread: Re: chpass/passwd/su/user questions
Index(es):
- Date
- Thread

Visit your host, monkey.org