Date: Thu, 11 Mar 2010 12:21:47 +0100 (CET) From: Andre Albsmeier <Andre.Albsmeier@siemens.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: bin/144652: [PATCH] pwd_mkdb copies comments to /etc/passwd Message-ID: <201003111121.o2BBLl91028812@curry.mchp.siemens.de> Resent-Message-ID: <201003111130.o2BBU25i018143@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 144652 >Category: bin >Synopsis: [PATCH] pwd_mkdb copies comments to /etc/passwd >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Mar 11 11:30:02 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Andre Albsmeier >Release: FreeBSD 7.2-STABLE i386 >Organization: >Environment: System: FreeBSD 7.2-STABLE >Description: pwd_mkdb copies comments from /etc/master.passwd to /etc/passwd. Since /etc/passwd is world readable this could reveal encrypted, although currently not active, passwords from entries that have been commented out for some reason. >How-To-Repeat: Add a user with password to /etc/master.passwd. vipw and comment out the entry by adding a # in front of it. As normal user: grep '#' /etc/passwd The result looks something like this: # $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $ # #bla:$1$p6BO4g61$1nBDxyYFx4veLK9TAXYM8/:998:0:md5:0:0::/var/empty:/bin/sh >Fix: A solution would be to not copy comments to /etc/passwd: --- usr.sbin/pwd_mkdb/pwd_mkdb.c.ORI 2009-06-10 21:11:21.000000000 +0200 +++ usr.sbin/pwd_mkdb/pwd_mkdb.c 2010-03-11 11:53:47.000000000 +0100 @@ -555,11 +555,12 @@ error("put"); } } - /* Create original format password file entry */ - if (is_comment && makeold){ /* copy comments */ - if (fprintf(oldfp, "%s\n", line) < 0) - error("write old"); - } else if (makeold) { + /* Create original format password file entry. + * Don't copy comments since this could reveal + * encrypted passwords if entries have been + * simply commented out in master.passwd. + */ + if( makeold && !is_comment ) { char uidstr[20]; char gidstr[20]; >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201003111121.o2BBLl91028812>