bin/96248: vipw fail on RO /etc

Alex Kozlov spam at rm-rf.kiev.ua
Mon Apr 24 11:50:21 UTC 2006


The following reply was made to PR bin/96248; it has been noted by GNATS.

From: Alex Kozlov <spam at rm-rf.kiev.ua>
To: Maxim Konovalov <maxim at macomnet.ru>
Cc: bug-followup at freebsd.org
Subject: Re: bin/96248: vipw fail on RO /etc
Date: Mon, 24 Apr 2006 14:39:53 +0300

 On Mon, Apr 24, 2006 at 12:24:29PM +0400, Maxim Konovalov wrote:
 > On Mon, 24 Apr 2006, 11:07+0300, Alex Kozlov wrote:
 > 
 > > On Mon, Apr 24, 2006 at 11:17:08AM +0400, Maxim Konovalov wrote:
 > > > [...]
 > > > > if rootfs is mounted read-only, vipw fails to execute with vipw:
 > > > > pw_tmp(): Read-only file system error.
 > > > > >How-To-Repeat:
 > > > > #mount |grep -w /
 > > > > /dev/da0s1 on / (ufs, local, read-only)
 > > > >
 > > > > #vipw
 > > > > vipw: pw_tmp(): Read-only file system
 > > > > >Fix:
 > > > > Change the temporary file path in pw_tmp() from
 > > > >
 > > > > if (snprintf(tempname, sizeof(tempname), "%.*spw.XXXXXX",
 > > > >         (int)(p - masterpasswd), masterpasswd) >= (int)sizeof(tempname)) {
 > > > >
 > > > > to something more appropriate?
 > > >
 > > > And what is more appropriate?
 > > A quite good solution may be to add a fallback mechanism in case the
 > > masterpasswd directory is not writable.
 > >
 > > Are there any (security?) reasons that prevent storing the
 > > pw_tmp file in /tmp?
 > 
 > Perhaps there are, I don't know.  I don't think changing passwd temp
 > files location is a good idea.
 In the case of /tmp? Perhaps. Just to be on the safe side, choose a directory
 writable only by root. Say, /var/run.
 Sudo already uses /var/run/sudo.
 
 Any security advantages of /etc in comparison with /var/run?
 
 Both have equal permissions.
 If crash happens, /var/run/pw.XXXXXX will be cleaned on next startup,
 /etc/pw.XXXXX and especially /path/to/unknown/pw.XXXXXX - never.
 Race working on /var/run but not on /etc? Hmm.
 
 > What is the problem you are trying to solve?
 You probably suggest doing something like:
 sudo less /etc/master.passwd
 sudo mount -uw /
 sudo vipw
 ?
 
 One more line for sudoers. One more time to type the password.
 Perhaps.
 
 --
 Adios

