Date: Sun, 24 Sep 2000 23:43:01 +0900 From: Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> To: n@nectar.com Cc: Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> Subject: pw_class in _pw_passwd is null if __hashpw() is not called in prior Message-ID: <14798.4853.288090.72159A@silver.carrots.uucp.r.dl.itc.u-tokyo.ac.jp> In-Reply-To: In your message of "Wed, 6 Sep 2000 15:14:31 -0500" <20000906151431.A26152@hamlet.nectar.com> References: <20000906151431.A26152@hamlet.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
pw_class in _pw_passwd of src/lib/libc/gen/getpwdent.c is initialized
to null. Thus if a user other than root looks up nis by getpwuid(3) or
getpwnam(3) in prior to calling __hashpw, pw_class is null as well.
This breaks some applications including ssh(1) because they believe
that no members of struct passwd are null.
The following sample code shows the problem.
--- v --- sample --- v ---
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
int
main(void)
{
struct passwd *pw;
if ((pw = getpwuid(getuid())) != NULL)
printf("name:\t\%s\nclass:\t\%p\n", pw->pw_name, pw->pw_class);
}
--- ^ --- sample --- ^ ---
If you have your passwd entry in nis, you see something like this:
silver% ./getpwent
name: tanimura
class: 0x0
If your passwd entry is in /etc/master.passwd, the result looks like
this:
silver# ./getpwent
name: root
class: 0x804cc28
where 0x804cc28 points to an empty string, which is the expected
result.
As we are supposed to fill in all of the members in struct passwd
(like Solaris), _pw_passwd should have its initial value other than
zero.
static struct passwd _pw_passwd =
{
"",
"",
(uid_t)0, /* XXX Is zero appropriate? */
(gid_t)0,
(time_t)0,
"",
"",
"",
"",
(time_t)0,
0,
};
In addition, we should also reinitialize _pw_passwd by this initial
value before rewriting _pw_passwd, because pw_class filled in by
previous call to __hashpw might grant unauthorized use of resource or
account.
--
Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp> <tanimura@FreeBSD.org>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14798.4853.288090.72159A>