Subject: Re: replacement for /etc/passwd
To: None <tech-security@netbsd.org>
From: Alan Post <apost@interwoven.com>
List: tech-security
Date: 12/10/2002 08:06:02
In article <3DF56837.9080104@mukappabeta.de>, Matthias Buelow wrote:
> Alan Post wrote:
>
>> Currently the utilities for changing /etc/passwd are setuid root.
>
> And the problem is?
There was a local root vuln in NetBSD because of this:
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-015.txt.asc
Of course, there are no bugs in the code *now*, right? :)
Alan