Implications of recent virus (Trojan Horse) attack
Guy Harris
guy at auspex.UUCP
Sat Nov 12 08:43:55 AEST 1988
>If this hole exists, it can be traced to getpwent() not being careful
>enough when it parses /etc/passwd records. See UNIX System V for the
>simplest fix.
If that fix is "have 'getpwent()' return NULL if the entry it looks at
is syntactically incorrect," the fix is simple but rather rude; the net
result is that any program scanning the password file linearly - e.g.,
"passwd" - will think it's at the end of the file if it sees such a
syntactically incorrect line. Having "passwd" cut off the password file
as soon as it sees a blank line isn't very nice; ignoring the
syntactically-invalid lines, or passing them through unchanged, is
probably a better idea. The former could be done by having "getpwent"
skip over those entries, rather than return NULL on them; the latter
requires that "passwd" not just naively use "(f)getpwent" and "putpwent"
to update the password file.
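The failure mode Guy describes, as an added example that is not part of the original post and not the System V or BSD library code: a hypothetical in-memory stand-in for fgetpwent() that reads a constructed password file containing a stray blank line, under each of the three behaviours weighed above (return NULL on a bad line, skip it, or hand the raw line back), driven by a naive "passwd"-style rewrite loop. The names next_entry, rewrite_passwd, the policy enum and the sample file contents are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample password file (not a real system file): a stray blank
 * line sits between the first and second real entries. */
static const char *SAMPLE_PASSWD =
    "root:x:0:0:root:/:/bin/sh\n"
    "\n"
    "daemon:x:1:1:daemon:/:/bin/sh\n"
    "guy:x:100:10:Guy Harris:/home/guy:/bin/csh\n";

/* The three behaviours on a syntactically invalid line that the post weighs. */
enum policy {
    STRICT_NULL,   /* return NULL, as the System V fix is described as doing */
    SKIP_INVALID,  /* silently skip the line and look at the next one */
    PASS_THROUGH   /* hand the raw line back so the caller can preserve it */
};

/* Hypothetical in-memory stand-in for a FILE * over /etc/passwd. */
struct pwstream { const char *cur; };

struct pwline {
    char raw[128];
    int  valid;    /* 1 if the line has the seven colon-separated fields */
};

/* Hypothetical fgetpwent()-like reader. Returns NULL at end of input or,
 * under STRICT_NULL, on the first malformed line; otherwise fills *out. */
static struct pwline *next_entry(struct pwstream *s, enum policy pol, struct pwline *out)
{
    for (;;) {
        if (*s->cur == '\0')
            return NULL;                            /* genuine end of file */
        const char *nl = strchr(s->cur, '\n');
        size_t len = nl ? (size_t)(nl - s->cur) : strlen(s->cur);
        if (len >= sizeof out->raw)
            len = sizeof out->raw - 1;              /* truncate over-long lines */
        memcpy(out->raw, s->cur, len);
        out->raw[len] = '\0';
        s->cur = nl ? nl + 1 : s->cur + len;

        int colons = 0;
        for (const char *p = out->raw; *p; p++)
            if (*p == ':') colons++;
        out->valid = (colons == 6);

        if (out->valid || pol == PASS_THROUGH)
            return out;
        if (pol == STRICT_NULL)
            return NULL;                            /* caller cannot tell this from EOF */
        /* SKIP_INVALID: fall through and read the next line */
    }
}

/* Naive "passwd"-style rewrite: loop until the reader says NULL and copy
 * whatever it yields into dst. Returns the number of lines written. */
static int rewrite_passwd(const char *src, enum policy pol, char *dst, size_t dstlen)
{
    struct pwstream s = { src };
    struct pwline ent;
    int written = 0;
    dst[0] = '\0';
    while (next_entry(&s, pol, &ent) != NULL) {
        if (strlen(dst) + strlen(ent.raw) + 2 > dstlen)
            break;                                  /* out of room; not expected here */
        strcat(dst, ent.raw);
        strcat(dst, "\n");
        written++;
    }
    return written;
}

int main(void)
{
    char out[512];
    int n = rewrite_passwd(SAMPLE_PASSWD, STRICT_NULL, out, sizeof out);
    printf("STRICT_NULL wrote %d line(s):\n%s\n", n, out);
    n = rewrite_passwd(SAMPLE_PASSWD, SKIP_INVALID, out, sizeof out);
    printf("SKIP_INVALID wrote %d line(s):\n%s\n", n, out);
    n = rewrite_passwd(SAMPLE_PASSWD, PASS_THROUGH, out, sizeof out);
    printf("PASS_THROUGH wrote %d line(s):\n%s\n", n, out);
    return 0;
}
```

With STRICT_NULL the rewrite keeps only the root entry and silently drops daemon and guy, because the reader's NULL on the blank line is indistinguishable from end of file. SKIP_INVALID keeps the three real entries and loses only the blank line; PASS_THROUGH reproduces the input byte for byte, but only because the rewrite loop copies the raw line rather than re-encoding a parsed struct passwd, which is the "passwd must not just naively use getpwent and putpwent" point.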