bin/144652: [PATCH] pwd_mkdb copies comments to /etc/passwd
Andre Albsmeier
Andre.Albsmeier at siemens.com
Thu Mar 11 11:30:03 UTC 2010
>Number: 144652
>Category: bin
>Synopsis: [PATCH] pwd_mkdb copies comments to /etc/passwd
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 11 11:30:02 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Andre Albsmeier
>Release: FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD 7.2-STABLE
>Description:
pwd_mkdb copies comments from /etc/master.passwd to /etc/passwd.
Since /etc/passwd is world readable this could reveal encrypted,
although currently not active, passwords from entries that have
been commented out for some reason.
>How-To-Repeat:
Add a user with password to /etc/master.passwd.
vipw and comment out the entry by adding a # in front of it.
As normal user: grep '#' /etc/passwd
The result looks something like this:
# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
#bla:$1$p6BO4g61$1nBDxyYFx4veLK9TAXYM8/:998:0:md5:0:0::/var/empty:/bin/sh
>Fix:
A solution would be to not copy comments to /etc/passwd:
--- usr.sbin/pwd_mkdb/pwd_mkdb.c.ORI 2009-06-10 21:11:21.000000000 +0200
+++ usr.sbin/pwd_mkdb/pwd_mkdb.c 2010-03-11 11:53:47.000000000 +0100
@@ -555,11 +555,12 @@
error("put");
}
}
- /* Create original format password file entry */
- if (is_comment && makeold){ /* copy comments */
- if (fprintf(oldfp, "%s\n", line) < 0)
- error("write old");
- } else if (makeold) {
+ /* Create original format password file entry.
+ * Don't copy comments since this could reveal
+ * encrypted passwords if entries have been
+ * simply commented out in master.passwd.
+ */
+ if( makeold && !is_comment ) {
char uidstr[20];
char gidstr[20];
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list