From owner-freebsd-hackers  Sun Sep  8 22:20:15 1996
Return-Path: owner-hackers
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id WAA00752
          for hackers-outgoing; Sun, 8 Sep 1996 22:20:15 -0700 (PDT)
Received: from kanto.cc.jyu.fi (root@kanto.cc.jyu.fi [130.234.1.2])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id WAA00747
          for <freebsd-hackers@freebsd.org>; Sun, 8 Sep 1996 22:20:12 -0700 (PDT)
Received: from localhost (kallio@localhost [127.0.0.1]) by kanto.cc.jyu.fi (8.7.2/8.7.2) with ESMTP id IAA01961; Mon, 9 Sep 1996 08:16:47 +0300 (EET DST)
Date: Mon, 9 Sep 1996 08:16:45 +0300 (EET DST)
From: Seppo Kallio <kallio@cc.jyu.fi>
To: Joerg Wunsch <joerg_wunsch@uriah.heep.sax.de>
cc: FreeBSD hackers <freebsd-hackers@freebsd.org>,
        Wolfram Schneider <wosch@cs.tu-berlin.de>
Subject: Re: SECURITY HOLE in FreeBSD 2.1.5 ????????!!!!!!!
In-Reply-To: <199609070742.JAA08466@uriah.heep.sax.de>
Message-ID: <Pine.SOL.3.92.960909080801.1485A-100000@kanto.cc.jyu.fi>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8BIT
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>
> It indeed creates this file, but you should have UTSL'ed before.  It
> is deliberately created with ``insecure'' permissions, and it is the
> new copy of /etc/passwd if the -p option has been specified.  Thus, it
> doesn't contain passwords.

Then it is OK. The name was missleading me.

> > We cannot add users to the system when someone is using passwd command.
> > It is really big problem in a node having 4000 accounts when we try to add
> > 1000 account now when new students come in start of September.
> > Passwd command should not lock the passwd files for the entire time after
> > user type passwd to the time he/she succeeds to type his/hers new passwd!
>
> Of course, the passwd command *should* lock the master password file
> while modifications are in progress.

Yes. But not right after user pushes the enter putton after passwd
-command. That is not all the time user is "in" the passwd command.
As you say "while modifications are in progress". There is no modification
in progress until user pushes enter after the second new passwd. Or do you
agree?

>  However, you are perhaps
> interested in Guido's ``incremental update'' modifications:
>
> revision 1.11
> date: 1996/07/01 19:38:27;  author: guido;  state: Exp;  lines: +218 -133
> Implement incremental passwd database updates. This is done by ading a '-u'
> option to pwd_mkdb and adding this option to utilities invoking it.
> Further, the filling of both the secure and insecure databases has been
> merged into one loop giving also a performance improvemnet.

Can you tell me, where I can find this modification?

> Btw., i found a real security hole while browsing through the sources:
> adduser backs up the contents of master.passwd into a world readable
> file in case pwd_mkdb(8) returned an error.  Wolfram, can you fix this
> please (by setting umask(066) first, i think)?
>
> --
> cheers, J"org

Thank you.

Seppo Kallio				kallio@jyu.fi
Computing Center			Fax +358-14-603611
U of Jyväskylä		62.14N 25.44E	Phone +358-14-603606
PL 35, 40351 Jyväskylä, Finland		http://www.jyu.fi/~kallio