Date: Mon, 2 Jun 2003 08:56:29 -0400 (EDT)
From: Support
To: freebsd-security@freebsd.org
Message-ID: <20030602085600.B84160@alice.netmint.com>
Subject: quick poppassd question

Hello,

I did a quick change to the patched port of poppassd and am wondering if you think my code would introduce any potential problems. The idea is right after we check if the username exists, also check if the UID of that username is over 1000. I wanted to make sure that no one monkeys around with privileged users once poppassd is running. So, the middle chunk of code is mine, everything else has been there before me.

What's the general feeling about the security of poppassd provided that users with valid passwords already have shell access to the system, and now nobody can try to change privileged accounts' passwords?

--- cut ---
    if ((pw = getpwnam (user)) == NULL)
    {
        syslog (LOG_ERR, "Unknown user, %s", user);
        sleep (5);
        WriteToClient ("500 Old password is incorrect.");
        exit(1);
    }

    /* begin added code */
    if ((pw->pw_uid) < 1001)
    {
        syslog (LOG_ERR, "Priveleged user, %s", user);
        sleep (5);
        WriteToClient ("500 Old password is incorrect.");
        exit(1);
    }
    /* end added code */

    if (chkPass (user, oldpass, pw) == FAILURE)
    {
        syslog (LOG_ERR, "Incorrect password from %s", user);
        sleep (5);
        WriteToClient ("500 Old password is incorrect.");
        exit(1);
    }
--- cut ---

Perhaps if this passes everyone's scrutiny, it could be added as yet another patch to poppassd with the min UID defined somewhere in the Makefile or poppassd.c.

Thanks for your help,
Andrew
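
One way to do what the message proposes, a minimum UID fixed at build time, as an added example that is not part of the original post or of poppassd. The macro names, the function names and the upper UID bound are assumptions; the ceiling goes beyond the posted check so that high-numbered system accounts such as nobody (65534 on FreeBSD) are also excluded.

```c
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* Assumed macro names, not poppassd's. Set from the port Makefile, e.g.
 *   CFLAGS+= -DPOPPASSD_MIN_UID=1001 */
#ifndef POPPASSD_MIN_UID
#define POPPASSD_MIN_UID 1001   /* same cut-off as the "< 1001" test above */
#endif
#ifndef POPPASSD_MAX_UID
#define POPPASSD_MAX_UID 60000  /* assumed ceiling: excludes nobody (65534) */
#endif

enum acct_verdict { ACCT_OK, ACCT_UNKNOWN, ACCT_PRIVILEGED, ACCT_ABOVE_MAX };

/* Classify a getpwnam() result; NULL means the user does not exist. */
static enum acct_verdict acct_check(const struct passwd *pw)
{
    if (pw == NULL)
        return ACCT_UNKNOWN;
    if (pw->pw_uid < (uid_t)POPPASSD_MIN_UID)
        return ACCT_PRIVILEGED;
    if (pw->pw_uid > (uid_t)POPPASSD_MAX_UID)
        return ACCT_ABOVE_MAX;
    return ACCT_OK;
}

/* Detail for syslog only; it never goes to the client. */
static const char *acct_log_reason(enum acct_verdict v)
{
    switch (v) {
    case ACCT_UNKNOWN:    return "Unknown user";
    case ACCT_PRIVILEGED: return "UID below minimum";
    case ACCT_ABOVE_MAX:  return "UID above maximum";
    default:              return "Eligible";
    }
}

/* Every rejection gets the reply the wrong-password path uses, so the
 * client cannot tell which accounts exist or are excluded. */
static const char *acct_client_reply(enum acct_verdict v)
{
    return v == ACCT_OK ? NULL : "500 Old password is incorrect.";
}

int main(int argc, char **argv)
{
    enum acct_verdict v = acct_check(argc > 1 ? getpwnam(argv[1]) : NULL);
    const char *reply = acct_client_reply(v);
    printf("log: %s\nclient: %s\n", acct_log_reason(v), reply ? reply : "(continue)");
    return v != ACCT_OK;
}
```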