From owner-freebsd-security Tue Nov 17 13:01:38 1998
From: Mikael Karpberg
Message-Id: <199811172058.VAA02065@ocean.campus.luth.se>
Subject: Re: Would this make FreeBSD more secure?
In-Reply-To: <199811161838.MAA25024@s07.sa.fedex.com> from William McVey at "Nov 16, 98 12:38:11 pm"
To: wam@sa.fedex.com (William McVey)
Date: Tue, 17 Nov 1998 21:58:15 +0100 (CET)
Cc: hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG

According to William McVey:
> I'm in favor of the proposed change to allow some group (for discussion
> sake, let's call it group 'shadow') read permission to the shadow file.

Umm... I have seen no one in this discussion mention this, so I'll say it,
after repeating what someone DID say: "Small well audited setuid programs
are not a problem".

Now... Here's my suggestion, my_xlock.c:

#include <stdio.h>
#include <unistd.h>

/* lock_screen(), wait_for_passwd(), unlock_screen() and print_error()
 * are placeholders for the screen locker's own routines. */

int main(void)
{
    char *str;
    FILE *f;
    int done = 0;

    lock_screen();
    while (!done) {
        str = wait_for_passwd();
        /* Hand "<uid> <password>" to the setuid helper on its stdin. */
        f = popen("/usr/bin/check_pw", "w");
        if (f == NULL) {
            print_error("Cannot run check_pw");
            continue;
        }
        fprintf(f, "%ld %s\n", (long)getuid(), str);
        fflush(f);
        /* pclose() returns the helper's exit status: 0 means match. */
        if (!pclose(f)) {
            unlock_screen();
            done = 1;
        } else {
            print_error("Wrong password");
        }
    }
    return 0;
}

Seems simple enough to me, and could be used from scripts and everything.
All you need is a small util (/usr/bin/check_pw) that is setuid root.
I can't see a security problem with this, at all. Failed logins could be
logged also, if that's a concern. All it has to do is something like:

#include <ctype.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Placeholder from the post; not defined here. */
char *get_setting_and_move_str(char **str);

int main(void)
{
    char buffer[100];
    struct passwd *pw;
    uid_t uid;
    char *str = buffer;
    char *setting;
    char *hash;

    if (fgets(buffer, sizeof buffer, stdin) == NULL)
        exit(1);
    buffer[strcspn(buffer, "\n")] = '\0';   /* drop the trailing newline */
    if (isdigit((unsigned char)buffer[0])) {
        /* Numeric first field: look the account up by uid. */
        uid = strtol(buffer, &str, 0);
        if (!*str) exit(1);
        pw = getpwuid(uid);
    } else {
        /* Otherwise treat the first field as a user name. */
        while (*str && !isspace((unsigned char)*str)) str++;
        if (!*str) exit(1);
        *str = '\0';
        pw = getpwnam(buffer);
    }
    if (pw == NULL)
        exit(1);
    str++;
    setting = get_setting_and_move_str(&str);
    hash = crypt(str, setting);
    if (hash != NULL && strcmp(pw->pw_passwd, hash) == 0)
        return 0;
    return 1;
}

I'm sure there are minor or even major mistakes in the programs above, but
I think everyone should get the idea, if the problems are just syntax
errors, and such. The check_pw program should be small enough to be quite
possible to do as close to 100% bug free as one can hope to get.

  /Mikael
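
The "<uid> <password>" request line that check_pw reads from stdin, parsed strictly, as an added example that is not part of the original post. The function name, the return codes and the rule that the uid on the line must equal the caller's real uid are assumptions of this example; it covers only the numeric-uid form of the request.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

enum { REQ_OK = 0, REQ_MALFORMED = -1, REQ_WRONG_UID = -2 };

/*
 * Parse one "<uid> <password>\n" request line in place.
 * caller_uid is what the helper gets from getuid(): the real uid, which
 * remains the invoking user's even when the binary is setuid root.
 * On REQ_OK, *password points at the NUL-terminated password in line.
 */
int parse_request(char *line, uid_t caller_uid, char **password)
{
    char *nl, *end;
    long val;

    *password = NULL;

    /* No newline: the line was truncated (buffer full or early EOF). */
    nl = strchr(line, '\n');
    if (nl == NULL)
        return REQ_MALFORMED;
    *nl = '\0';

    /* uid field: decimal digits only, then exactly one space. */
    if (line[0] < '0' || line[0] > '9')
        return REQ_MALFORMED;
    errno = 0;
    val = strtol(line, &end, 10);
    /* Reject overflow, a bad separator, or a value that does not fit uid_t. */
    if (errno != 0 || *end != ' ' || (long)(uid_t)val != val)
        return REQ_MALFORMED;
    if (end[1] == '\0')              /* empty password field */
        return REQ_MALFORMED;

    /* Assumption of this example: answer only for the invoking account. */
    if ((uid_t)val != caller_uid)
        return REQ_WRONG_UID;

    *password = end + 1;
    return REQ_OK;
}
```

In a helper built this way, main() would read the line with fgets(), call parse_request(buffer, getuid(), &pw) and go on to the crypt() comparison only on REQ_OK.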