From nobody Thu Jan 05 06:48:41 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4NncWF4vp9z2qp32; Thu, 5 Jan 2023 06:48:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4NncWF42s0z4Q7b; Thu, 5 Jan 2023 06:48:41 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1672901321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZNTPQ7Ayg3pAY+0a/2919UtkFukm3e95tzgS+X/jsvI=; b=jzwD6fBMuZEPHGcJqHtkyQyQFfLRZjxfwnouSO6z/LBf+xPQAocWiGJhS1PNk13OPxSv2g 5yj0bWlz6qzCjfsOps69oe6FUU9PIZKxO5SV3Y7f36fUhj34wRo1EYDkr7JVl8Z++eeAw2 W3aLP7au9kCEIHMTGQLoMz7lnzwaDrJ4LKzcNAwCybm9gZSuyz4HPEUN9y38UM/dXdg9gB VoJlKOVuB0REIbDVoBgmLYW756XaS4kQ/Sy5e/KtHoZbFZFNmm1zZ4E6yJ3weQtVUYmKpO cEFjMnpumF2e48t/tkfqdALd1wjmRD61jgRYbUpITWFk/i9QB8sbQKBwMaLk2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1672901321; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZNTPQ7Ayg3pAY+0a/2919UtkFukm3e95tzgS+X/jsvI=; b=ZWVmO81/CQi6YZsO00R9kNaug1fEHYho62CF7ItbQqSsxHSEfXlzHOvLb2JNn6ycgQRkEm 7VZfiYCbW9yPZQoob4xXAK7xLrjC8Ir/VduNQld4+CmrCurgYN6UrkyqjuPX7NIPMjtQ5E +hA5xejOCytxjqPz/l5jrQoOCsM8YnJogX2zDA04x/8A02o/YXZK87Ern68Nw3G30PK7tO vnuBhuKuqEn/QbZ739qFf5VJRmblI9oDCLejq7RpvnsooyDuvCxboV6pfTXVGBVrPzetKZ uAHRaQse8cttQyJ+TWjS+RVZQHCfLmJ91GQ6+jWh+ksONTD0eeGVtA3dkqhvUw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1672901321; a=rsa-sha256; cv=none; b=WckwvDPVjoIQ4y5DS1jtGM3O0GwRMBIZdD8ZbhnSVAGL+XtK1ZoHkEvsOwWwLpBzbC6Poi cpaeNMw29PEEbDU7bCkxQ0yRJp7BI7Xnr6M4WMfjkyRkK9LRm+jIBR/hHaoWrMSghrvtOB fR6hfK0uqoJjSB1tefbYs8RGuPsvyq4ChEU3OK6xie/kJMQmHT0EJBoWKJzpVJkB82hASM A2+JDhXCDyWFQsL3dIuIp0n/tgrHiu26kANPzdTvlQMO/A5PXRt3twy5tMiNGX+bQUALMN I2ozoYLxztSYWVhng38KKRIA/oGD5cpU4KJ1R9iAPLsse7vPNodraKCKF8TlyA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4NncWF35lZzhXm; Thu, 5 Jan 2023 06:48:41 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3056mfT3075363; Thu, 5 Jan 2023 06:48:41 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3056mfrp075362; Thu, 5 Jan 2023 06:48:41 GMT (envelope-from git) Date: Thu, 5 Jan 2023 06:48:41 GMT Message-Id: <202301050648.3056mfrp075362@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Xin LI Subject: git: 0deb25bd9d6d - main - pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: delphij X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by delphij: URL: https://cgit.FreeBSD.org/src/commit/?id=0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c Author: Andre Albsmeier AuthorDate: 2010-03-11 10:53:47 +0000 Commit: Xin LI CommitDate: 2023-01-05 06:18:09 +0000 pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. The intention of /etc/passwd was to support legacy applications that are not yet converted to use modern API like getpwent(3). Comments are not defined in the legacy format, so copying them could break these applications. Plus, it could leak sensitive information (e.g. encrypted form of password of an user that was commented out instead of deleted or disabled). PR: bin/144652 MFC after: 1 month --- usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c index 6297bcb461db..261e7951a126 100644 --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c @@ -462,11 +462,14 @@ main(int argc, char *argv[]) error("put"); } } - /* Create original format password file entry */ - if (is_comment && makeold){ /* copy comments */ - if (fprintf(oldfp, "%s\n", line) < 0) - error("write old"); - } else if (makeold) { + /* + * Create original style password file entry. + * + * Don't copy comments since this could reveal encrypted + * passwords if entries have been simply commented out + * in master.passwd. + */ + if (makeold && !is_comment) { char uidstr[20]; char gidstr[20];