From owner-freebsd-bugs@FreeBSD.ORG  Thu May 10 00:30:04 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
X-Original-To: freebsd-bugs@hub.freebsd.org
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id A5E0B16A402
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 10 May 2007 00:30:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40])
	by mx1.freebsd.org (Postfix) with ESMTP id 85EAA13C447
	for <freebsd-bugs@hub.freebsd.org>;
	Thu, 10 May 2007 00:30:04 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4A0U4TA097831
	for <freebsd-bugs@freefall.freebsd.org>; Thu, 10 May 2007 00:30:04 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4A0U4Tj097830;
	Thu, 10 May 2007 00:30:04 GMT (envelope-from gnats)
Resent-Date: Thu, 10 May 2007 00:30:04 GMT
Resent-Message-Id: <200705100030.l4A0U4Tj097830@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Ighighi<ighighi@gmail.com>
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B79BF16A408
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu, 10 May 2007 00:21:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [69.147.83.33])
	by mx1.freebsd.org (Postfix) with ESMTP id 90E5F13C458
	for <freebsd-gnats-submit@FreeBSD.org>;
	Thu, 10 May 2007 00:21:24 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l4A0LOcX072387
	for <freebsd-gnats-submit@FreeBSD.org>; Thu, 10 May 2007 00:21:24 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id l4A0GN5g067027;
	Thu, 10 May 2007 00:16:23 GMT (envelope-from nobody)
Message-Id: <200705100016.l4A0GN5g067027@www.freebsd.org>
Date: Thu, 10 May 2007 00:16:23 GMT
From: Ighighi<ighighi@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.0
Cc: 
Subject: conf/112558: [patch] [conf]: /etc/periodic/daily/200.backup-passwd
	poor handling of /etc/master.passwd
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 May 2007 00:30:04 -0000


>Number:         112558
>Category:       conf
>Synopsis:       [patch] [conf]: /etc/periodic/daily/200.backup-passwd poor handling of /etc/master.passwd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 10 00:30:03 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Ighighi
>Release:        6.2-STABLE
>Organization:
>Environment:
FreeBSD orion 6.2-STABLE FreeBSD 6.2-STABLE #1: Sat May  5 10:13:59 VET 2007     root@orion:/usr/obj/usr/src/sys/CUSTOM  i386
>Description:
The script /etc/periodic/daily/200.backup-passwd (enabled by default in /etc/defaults/periodic.conf) is intended to perform the following function as described in periodic.conf(5):

daily_backup_passwd_enable
Set to ``YES'' if you want the /etc/master.passwd and /etc/group files backed up and reported on.

The offending line in the script (with $bak set to /var/backups by default) is:
mv $bak/master.passwd.bak $bak/master.passwd.bak2

No previous handling of master.passwd.bak2 before mv(1) exists so there's no guarantee at all that sensitive data won't be retrieved by malicious users in environments with no disk encryption on the filesystem containing /var or when mounted in RAM with mdmfs(8). The attached patch just adds these 2 lines
rm -fP $bak/master.passwd.bak2
rm -fP $bak/group.bak2
before the cp(1) above...  I'm aware of the limitations of rm(1)'s -P but in this case I think it's better than nothing.

I had the temptation to patch etc/defaults/periodic.conf with
#daily_backup_passwd_enable="YES"
as etc/periodic/daily/200.backup-passwd seems to me to be too amateur to be enabled by default.

>How-To-Repeat:

>Fix:
A quick fix would be to run:
echo 'daily_backup_passwd_enable="NO"' >> /etc/periodic.conf
or use the patch attached.

Patch attached with submission follows:

--- etc/periodic/daily/200.backup-passwd.orig	Sun May  7 00:00:25 2006
+++ etc/periodic/daily/200.backup-passwd	Wed May  2 03:41:18 2007
@@ -43,6 +43,7 @@
 		echo "$host passwd diffs:"
 		diff -I '^#' $bak/master.passwd.bak /etc/master.passwd |\
 			sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
+		rm -fP $bak/master.passwd.bak2
 		mv $bak/master.passwd.bak $bak/master.passwd.bak2
 		cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
 	    fi
@@ -59,6 +60,7 @@
 		[ $rc -lt 1 ] && rc=1
 		echo "$host group diffs:"
 		diff $bak/group.bak /etc/group
+		rm -fP $bak/group.bak2
 		mv $bak/group.bak $bak/group.bak2
 		cp -p /etc/group $bak/group.bak || rc=3
 	    fi

>Release-Note:
>Audit-Trail:
>Unformatted: