Sun Patch Id #102060-01

Mitch Wright (mitch@oz.com)
Sun, 18 Dec 1994 18:18:05 -0800

So does anybody know more about this one???  I've tried a few things, but
haven't figured it out yet.  This wasn't mentioned here yet was it??

These are the relevant parts of the README file from the patch release.  If you
want the entire patch -- URL ftp://sunsolve1.sun.com/pub/patches/patches.html
and click on the README file for this patch...

Patch-ID# 102060-01
Keywords: security, SunOS, 4.1.x, passwd, -F, root, race-condition
Synopsis: SunOS 4.1.3_U1: Root access possible via forced passwd race condition
Date: Oct/28/94

Solaris Release: 1.1.1

SunOS Release: 4.1.3_U1

Xref: Patch 102023 is the 4.1.2, 4.1.3, 4.1.3C version of this patch.

Relevant Architectures: sparc

BugId's fixed with this patch: 1169007

Patches required with this patch: 

Obsoleted by: 4.1.4, 5.x

Files included with this patch: 

   /usr/bin/passwd

Problem Description: 

   1169007: Security: Root access possible on SunOS 4.1.x via forced passwd
            race condition.

Patch Installation Instructions: 

[...]

   This patch restricts the use of the passwd command's -F option to root,
   unless the system administrator explicitly permits non-root users to
   use the option for specifically-identified alternate password files.

   If you wish to permit such use, set up a file called /etc/pwfiles
   containing a line for each full path you wish to allow non-root users
   to specify as an argument to the -F option.  Lines in /etc/pwfiles
   which do not begin with a "/" character are treated as comments; this
   effectively allows non-root users to use only fully-specified paths
   with -F.  The use of the /etc/pwfiles file in this way is analogous to
   the way the /etc/shells file is used by the passwd command to restrict
   the shells non-root users can set up for themselves (you can see the
   passwd man page for more information on the /etc/shells file).

   Unauthorized non-root use of the -F flag produces the message:

         passwd: -F may not be specified for file <-F arg>.
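
Added example, not part of the original post or of Sun's patch: a C rendering of the /etc/pwfiles rule the README describes, in which only lines beginning with "/" count as entries and non-root use of -F is refused for any path not listed. The function names, the sample list contents and the exact whole-line comparison are assumptions; the README does not say how the real passwd compares paths.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample of an /etc/pwfiles-style list (not from the patch). */
static const char SAMPLE_PWFILES[] =
    "# alternate password files non-root users may name with -F\n"
    "/etc/passwd.yp\n"
    "var/tmp/passwd\n"          /* no leading "/": treated as a comment */
    "/export/pw/passwd.local\n";

/* Return 1 if `arg` equals one entry line of `list`, else 0.
 * Only lines beginning with "/" are entries; all others are comments.
 * Exact, whole-line comparison is an assumption of this example. */
static int list_permits(const char *list, const char *arg)
{
    size_t arglen = strlen(arg);
    const char *line = list;
    if (arg[0] != '/')               /* relative paths can never match */
        return 0;
    while (*line != '\0') {
        size_t len = strcspn(line, "\n");
        if (line[0] == '/' && len == arglen && memcmp(line, arg, len) == 0)
            return 1;
        line += len;
        if (*line == '\n')
            line++;
    }
    return 0;
}

/* Policy from the README: root may always use -F; other users only for
 * listed files. A missing list (NULL) means no non-root use at all. */
int dash_F_allowed(uid_t uid, const char *list, const char *arg)
{
    if (uid == 0)
        return 1;
    if (list == NULL || arg == NULL)
        return 0;
    return list_permits(list, arg);
}

int main(void)
{
    const char *arg = "/tmp/passwd";   /* constructed, not in the list */
    if (!dash_F_allowed(1001, SAMPLE_PWFILES, arg))
        fprintf(stderr, "passwd: -F may not be specified for file %s.\n", arg);
    return 0;
}
```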