Date: Thu, 10 May 2007 00:16:23 GMT From: Ighighi<ighighi@gmail.com> To: freebsd-gnats-submit@FreeBSD.org Subject: conf/112558: [patch] [conf]: /etc/periodic/daily/200.backup-passwd poor handling of /etc/master.passwd Message-ID: <200705100016.l4A0GN5g067027@www.freebsd.org> Resent-Message-ID: <200705100030.l4A0U4Tj097830@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 112558 >Category: conf >Synopsis: [patch] [conf]: /etc/periodic/daily/200.backup-passwd poor handling of /etc/master.passwd >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu May 10 00:30:03 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Ighighi >Release: 6.2-STABLE >Organization: >Environment: FreeBSD orion 6.2-STABLE FreeBSD 6.2-STABLE #1: Sat May 5 10:13:59 VET 2007 root@orion:/usr/obj/usr/src/sys/CUSTOM i386 >Description: The script /etc/periodic/daily/200.backup-passwd (enabled by default in /etc/defaults/periodic.conf) is intended to perform the following function as described in periodic.conf(5): daily_backup_passwd_enable Set to ``YES'' if you want the /etc/master.passwd and /etc/group files backed up and reported on. The offending line in the script (with $bak set to /var/backups by default) is: mv $bak/master.passwd.bak $bak/master.passwd.bak2 No previous handling of master.passwd.bak2 before mv(1) exists so there's no guarantee at all that sensitive data won't be retrieved by malicious users in environments with no disk encryption on the filesystem containing /var or when mounted in RAM with mdmfs(8). The attached patch just adds these 2 lines rm -fP $bak/master.passwd.bak2 rm -fP $bak/group.bak2 before the cp(1) above... I'm aware of the limitations of rm(1)'s -P but in this case I think it's better than nothing. I had the temptation to patch etc/defaults/periodic.conf with #daily_backup_passwd_enable="YES" as etc/periodic/daily/200.backup-passwd seems to me to be too amateur to be enabled by default. >How-To-Repeat: >Fix: A quick fix would be to run: echo 'daily_backup_passwd_enable="NO"' >> /etc/periodic.conf or use the patch attached. Patch attached with submission follows: --- etc/periodic/daily/200.backup-passwd.orig Sun May 7 00:00:25 2006 +++ etc/periodic/daily/200.backup-passwd Wed May 2 03:41:18 2007 @@ -43,6 +43,7 @@ echo "$host passwd diffs:" diff -I '^#' $bak/master.passwd.bak /etc/master.passwd |\ sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/' + rm -fP $bak/master.passwd.bak2 mv $bak/master.passwd.bak $bak/master.passwd.bak2 cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3 fi @@ -59,6 +60,7 @@ [ $rc -lt 1 ] && rc=1 echo "$host group diffs:" diff $bak/group.bak /etc/group + rm -fP $bak/group.bak2 mv $bak/group.bak $bak/group.bak2 cp -p /etc/group $bak/group.bak || rc=3 fi >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200705100016.l4A0GN5g067027>