19.2 Monitoring File Format

Most programs that access the /etc/passwd and /etc/group files are very sensitive to problems in the formatting of those files, or to bad values. Because of the compact representation of the file, entries that are badly formatted could be hidden.

Traditionally, a number of break-ins to Unix systems have occurred when a program that was designed to write to the /etc/passwd file was given bad input. For instance, early versions of the chfn and yppasswd commands could be given input with ":" characters or too many characters. The result was a badly formatted record to write to the /etc/passwd file. Because of the way the records were written, the associated library routines that write to the file would truncate or pad the entries, and might produce an entry at the end that looked like:

::0:0:::

This type of entry would then allow a local user to become a superuser by typing:

$ su '   '
#

(The above example changes the user to the null-named account.) Clearly, this result is undesirable.

You should check the format of both the passwd and group files on a regular basis. With many versions of Unix with System V ancestry, there are two commands on the system that will check the files for number of fields, valid fields, and other consistency factors. These two programs are pwck and grpck; they are usually found in /etc or /usr/sbin.