Re: nidump on OS X

2002-09-19 Thread Blake Watters

Just tested this on Mac OS X Server 10.2 and have found that the behavior is in fact 
the same on OS X Server as on the client version. So the XServe point does hold some 
water. This is a bit of a disturbing problem, especially since it seems so trivial...

Blake

On Tue, 17 Sep 2002 12:38:24 -0400
Jason A. Fager [EMAIL PROTECTED] wrote:

 On Sun, Sep 15, 2002 at 02:28:48PM -0700, Dale Harris wrote:
 
  However Apple hasn't seemed to bother addressing it yet since it
  still persists in OS X.2 (Jaguar).  You'd think they might have
  taken the opportunity to fix this problem with a new major release.
 
 My understanding is that Apple is dumping NetInfo in favor of Open
 Directory (which is based on LDAP).  Hopefully they have proper
 access-control mechanisms built into that.  I can understand their
 unwillingness to spend time fixing a subsystem that is going away
 soon.
 
 Does Mac OS X Server exhibit the same behavior?  Maybe the XServe
 argument is a moot point.
 
 jafager



Re: nidump on OS X

2002-09-18 Thread Jason A. Fager

On Sun, Sep 15, 2002 at 02:28:48PM -0700, Dale Harris wrote:

 However Apple hasn't seemed to bother addressing it yet since it
 still persists in OS X.2 (Jaguar).  You'd think they might have
 taken the opportunity to fix this problem with a new major release.

My understanding is that Apple is dumping NetInfo in favor of Open
Directory (which is based on LDAP).  Hopefully they have proper
access-control mechanisms built into that.  I can understand their
unwillingness to spend time fixing a subsystem that is going away
soon.

Does Mac OS X Server exhibit the same behavior?  Maybe the XServe
argument is a moot point.

jafager




Re: nidump on OS X

2002-09-18 Thread Bryan Blackburn

Disabling nidump wouldn't help, as this is NetInfo being a little too
generous.  You can also use, for example, niutil:

niutil -read . /users/root

You'll note nidump isn't setid-anything, so someone can simply copy it
from another machine.

Bryan


On Sep 15, 2002 14:28, Dale Harris stated:
 Basically any normal user can get a dump of the passwd file and attempt 
 brute force attacks on the encrypted passwds, it includes the root passwd.
 
 This problem has been around for well over a year, but Apple ignores it:
 
 http://www.securitytracker.com/alerts/2001/Jul/1001946.html
 http://online.securityfocus.com/archive/1/211718
 
 However Apple hasn't seemed to bother addressing it yet since it still persists
 in OS X.2 (Jaguar).  You'd think they might have taken the opportunity to fix
 this problem with a new major release.
 
 This obviously isn't such a big problem when you are dealing with only
 limited access desktop systems, but Xserve exists now, and I would think
 it'd be a bigger concern.  Course you could always chmod 700 nidump.
 
 -- 
 Dale Harris   
 [EMAIL PROTECTED]
 /.-)
 



Re: nidump on OS X

2002-09-18 Thread Martin

I cannot reproduce this on my 10.2 system. It does give you the crypted
password of the current user but not the root user. However, this does not prevent you
from using 'sudo', so in a way you still get root.

/M

 Basically any normal user can get a dump of the passwd file and attempt
  brute force attacks on the encrypted passwds, it includes the root
 passwd.