Re: git: 0deb25bd9d6d - main - pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.

In reply to: Jessica Clarke : "Re: git: 0deb25bd9d6d - main - pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd."
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Xin Li <delphij_at_FreeBSD.org>
Date: Mon, 30 Jan 2023 04:43:14 UTC

On 2023-01-29 7:33 PM, Jessica Clarke wrote:
> On 5 Jan 2023, at 06:48, Xin LI <delphij@FreeBSD.org> wrote:
>>
>> The branch main has been updated by delphij:
>>
>> URL: https://cgit.FreeBSD.org/src/commit/?id=0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
>>
>> commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
>> Author:     Andre Albsmeier <Andre.Albsmeier@siemens.com>
>> AuthorDate: 2010-03-11 10:53:47 +0000
>> Commit:     Xin LI <delphij@FreeBSD.org>
>> CommitDate: 2023-01-05 06:18:09 +0000
>>
>>     pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.
>>
>>     The intention of /etc/passwd was to support legacy applications that are
>>     not yet converted to use modern API like getpwent(3). Comments are not
>>     defined in the legacy format, so copying them could break these
>>     applications. Plus, it could leak sensitive information (e.g. encrypted
>>     form of password of an user that was commented out instead of deleted
>>     or disabled).
> 
> This broke usr.sbin/etcupdate/tests/preworld_test.sh.

Ah, my bad.  Fixed in 4bbf45cf5610 .

> Jess
> 
>>     PR:             bin/144652
>>     MFC after:      1 month
>> ---
>> usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++-----
>> 1 file changed, 8 insertions(+), 5 deletions(-)
>>
>> diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
>> index 6297bcb461db..261e7951a126 100644
>> --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
>> +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
>> @@ -462,11 +462,14 @@ main(int argc, char *argv[])
>> 					error("put");
>> 			}
>> 		}
>> -		/* Create original format password file entry */
>> -		if (is_comment && makeold){	/* copy comments */
>> -			if (fprintf(oldfp, "%s\n", line) < 0)
>> -				error("write old");
>> -		} else if (makeold) {
>> +		/*
>> +		 * Create original style password file entry.
>> +		 *
>> +		 * Don't copy comments since this could reveal encrypted
>> +		 * passwords if entries have been simply commented out
>> +		 * in master.passwd.
>> +		 */
>> +		if (makeold && !is_comment) {
>> 			char uidstr[20];
>> 			char gidstr[20];
>>