熱點推薦:
您现在的位置: 電腦知識網 >> 編程 >> Oracle >> 正文

Linux Shadow-Password-HOWTO - 3. 取得 Shadow Suite

2013-11-13 22:13:09  來源: Oracle 

   Shadow Suite for Linux 的歷史(暫不翻譯)
   History of the Shadow Suite for Linux
  DO NOT USE THE PACKAGES IN THIS SECTION THEY HAVE SECURITY PROBLEMS
  
  The original Shadow Suite was written by John F Haugh II
  
  There are several versions that have been used on Linux systems:
  
  shadow is the original
  shadow is Linux specific patch made by Florian La Roche and contains some further enhancements
  shadowmk was specifically packaged for Linux
  The shadowmk package contains the shadow package distributed by John F Haugh II with the shadow patch installed a few fixes made by Mohan Kokal that make installation a lot easier a patch by Joseph RM Zbiciak for loginc (loginsecure) that eliminates the f h security holes in /bin/login and some other miscellaneous patches
  
  The shadowmk package was the previously recommended package but should be replaced due to a security problem with the login program
  
  There are security problems with Shadow versions and shadowmk involving the login program This login bug involves not checking the length of a login name This causes the buffer to overflow causing crashes or worse It has been rumored that this buffer overflow can allow someone with an account on the system to use this bug and the shared libraries to gain root access I wont discuss exactly how this is possible because there are a lot of Linux systems that are affected but systems with these Shadow Suites installed and most preELF distributions without the Shadow Suite are vulnerable!
  
  For more information on this and other Linux security issues see the Linux Security home page (Shared Libraries and login Program Vulnerability)
  
  
  
   如何取得 Shadow Suite?
  目前建議 Shadow Suite 版本目前還是 BETA 測試版然後最近版本在生產環境是安全的且沒有包含易受攻擊的 簽入(login) 程式
  
  該套件(package)使用慣例命名為
  
  shadowYYMMDDtargz
  
  其中 YYMMDD 是Suite 的發行日期
  目前 BETA 測試版本是 Version 且由 Marek Michalkiewicz 維護
  
  還可以從該處得到 shadowcurrenttargz
  
  下列網站也可以找到相關資訊
  
  ftp://ftpicmedupl/pub/Linux/shadow/shadowcurrenttargz
  ftp://iguanahutfi/pub/linux/shadow/shadowcurrenttargz
  ftp:///usr/ggallag/shadow/shadowcurrenttargz
  ftp:///pub/linux/shadow/shadowcurrenttargz
  你應該可以獲得目前最新的版本
  
  你應該不要是用比 shadow 更舊版本因為它們有 簽入 的安全問題
  
  
  
  於參考資料方面我用 shadow 檔進行安裝介紹
  
  如果你之前使用 shadowmk 你應該更信這個版本且重建編譯
  
  
   Shadow Suite包含什麽?
  Shadow Suite 包括對下列功能之替代程式
  
  su login passwd newgrp chfn chsh and id
  
  該套件還包括新程式
  
  chage newusers dpasswd gpasswd useradd userdel usermod groupadd groupdel groupmod groups pwck grpck lastlog pwconv and pwunconv
  
  除此之外函式庫 libshadowa 也包括需要存取使用者密碼之寫和編譯程式
  
  程式之操作手冊也包含在其中
  
  
  也有對簽入程式的 configuration file 它將被安裝在 /etc/logindefs 檔
From:http://tw.wingwit.com/Article/program/Oracle/201311/18514.html
    Copyright © 2005-2013 電腦知識網 Computer Knowledge   All rights reserved.