A/UX: Bourne Shell: "ulimit" Security Problem

Here's a security problem in A/UX 1.0 and 1.1. It does not apply
to A/UX 3.0.

$ulimit 0
$passwd # this command means do the normal passwd routines


After this, the "/etc/passwd" file is truncated to 0 length.  This works
both as "su" and as a normal user.  This problem has been verified in the
Bourne Shell "ulimit" built-in function.

If anyone wants to verify it, login as "root".  Otherwise, you can't get
back your root access.


Published Date: Feb 18, 2012