The 'Security Digest' Archives (TM)

Archive: About | Browse | Search | Contributions | Feedback
Site: Help | Index | Search | Contact | Notices | Changes

ARCHIVE: Zardoz 'Security Digest' - Archives (1989 - 1991)
DOCUMENT: Zardoz 'Security Digest' V2 #4 1990-01-25 (1 file, 742 bytes)
NOTICE: recognises the rights of all third-party works.


Date: Thu, 25 Jan 90 12:55:41 PST
Subject: Security Digest V2 #4

Security Digest Volume 2 Issue 4


            Glitch in SunOS distribution passwd files


Date: Thu, 25 Jan 90 10:43:00 EST
From: uunet!umiacs.UMD.EDU!steve
Subject: Glitch in SunOS distribution passwd files

   I thought I'd pass this along just in case no one else has.

--from--    [email protected] (Bob Cunningham)
--subject-- check "atn" and "sundiag" passwd entries in new 4/60s

At least some SPARCstation1s (4/60s) shipped over the last 4-6 weeks with
SunOS4.0.3c pre-installed have one or both of the following entries in

sundiag::0:1:System Diagnostic:/sundiagstart:/bin/csh

Needless to say, both represent security loopholes.

The entries are artifacts of the Automated Test Network used in
manufacturing, and were a temporary glitch in the manufacturing
process that has since been corrected.  Neither should appear as shown
above, only the sundiag entry should appear, and it should have a
disabled password and different directory like this:

sundiag:*:0:1:System Diagnostic:/usr/diag/sundiag:/usr/diag/sundiag/sundiag

The "atn" userid is Sun internal uid that customers should never see.


        End of Security Digest Volume 2 Issue 4