Just tested this on Mac OS X Server 10.2 and have found that the behavior is in fact
the same on OS X Server as on the client version. So the XServe point does hold some
water. This is a bit of a disturbing problem, especially since it seems so trivial...
Blake
On Tue, 17 Sep 2002 12:38:24
On Sun, Sep 15, 2002 at 02:28:48PM -0700, Dale Harris wrote:
However Apple hasn't seemed to bother addressing it yet since it
still persists in OS X.2 (Jaguar). You'd think they might have
taken the opportunity to fix this problem with a new major release.
My understanding is that Apple is
Disabling nidump wouldn't help, as this is NetInfo being a little too
generous. You can also use, for example, niutil:
niutil -read . /users/root
You'll note nidump isn't setid-anything, so someone can simply copy it
from another machine.
Bryan
On Sep 15, 2002 14:28, Dale Harris stated:
I cannot reproduce this on my 10.2 system. It does give you the crypted
password ofcurrent user but not the root user. However this does not prevent you
from using'sudo' so in way way you still get root.
/M
Basically any normal user can get a dump of the passwd file and attempt
brute
