bin/118488: pw usershow doesn't print password hashes when run as
root
Maciej Kazulak
kazulakm at iem.pw.edu.pl
Fri Dec 7 15:10:03 PST 2007
>Number: 118488
>Category: bin
>Synopsis: pw usershow doesn't print password hashes when run as root
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Dec 07 23:10:02 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator: Maciej Kazulak
>Release: FreeBSD 8.0-CURRENT amd64
>Organization:
>Environment:
System: FreeBSD vol2 8.0-CURRENT FreeBSD 8.0-CURRENT #4: Mon Nov 19 21:24:34 CET 2007 ato at vol2:/tmp/obj/usr/src/sys/VOLT64 amd64
>Description:
$ sudo pw usershow test
test:*:1002:1002::0:0:test:/home/test:/bin/sh
Even when run as root pw won't print password hashes. This is due to the
way fmtpwentry() is called inside print_user().
fmtpwentry(buf, pwd, v7 ? PWF_PASSWD : PWF_STANDARD);
For the hash to be printed the third argument (type) must be PWF_MASTER.
>From pwupd.h:
enum pwdfmttype
{
PWF_STANDARD, /* MASTER format but with '*' as password
*/
PWF_PASSWD, /* V7 format */
PWF_GROUP = PWF_PASSWD,
PWF_MASTER /* MASTER format with password */
};
>How-To-Repeat:
>Fix:
Make print_user() pass PWF_MASTER to fmtpwentry() if -7 was not given on
the command line and euid == 0.
--- patch.diff begins here ---
--- /usr/src/usr.sbin/pw/pw_user.c.orig 2007-12-07 01:04:47.000000000 +0100
+++ /usr/src/usr.sbin/pw/pw_user.c 2007-12-07 02:52:40.000000000 +0100
@@ -1146,7 +1146,7 @@
if (!pretty) {
char buf[_UC_MAXLINE];
- fmtpwentry(buf, pwd, v7 ? PWF_PASSWD : PWF_STANDARD);
+ fmtpwentry(buf, pwd, v7 ? PWF_PASSWD : (geteuid() ? PWF_STANDARD : PWF_MASTER));
fputs(buf, stdout);
} else {
int j;
--- patch.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list