Subject: Re: replacement for /etc/passwd
To: None <tech-security@netbsd.org>
From: Alan Post <apost@interwoven.com>
List: tech-security
Date: 12/10/2002 08:06:02
In article <3DF56837.9080104@mukappabeta.de>, Matthias Buelow wrote:
> Alan Post wrote:
> 
>> Currently the utilities for changing /etc/passwd are setuid root.
> 
> And the problem is?

There was a local root vuln in NetBSD because of this:

  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-015.txt.asc

Of course, there are no bugs in the code *now*, right?  :)


  Alan