Date: Mon, 30 Jan 2023 03:33:40 +0000
From: Jessica Clarke <jrtc27@freebsd.org>
To: Xin LI <delphij@FreeBSD.org>
Cc: "src-committers@freebsd.org" <src-committers@FreeBSD.org>, "dev-commits-src-all@freebsd.org" <dev-commits-src-all@FreeBSD.org>, "dev-commits-src-main@freebsd.org" <dev-commits-src-main@FreeBSD.org>
Subject: Re: git: 0deb25bd9d6d - main - pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.
Message-ID: <A7AA914C-DD9C-49C2-8129-3F2E0B767896@freebsd.org>
In-Reply-To: <202301050648.3056mfrp075362@gitrepo.freebsd.org>
References: <202301050648.3056mfrp075362@gitrepo.freebsd.org>

On 5 Jan 2023, at 06:48, Xin LI <delphij@FreeBSD.org> wrote:
>
> The branch main has been updated by delphij:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
>
> commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
> Author: Andre Albsmeier <Andre.Albsmeier@siemens.com>
> AuthorDate: 2010-03-11 10:53:47 +0000
> Commit: Xin LI <delphij@FreeBSD.org>
> CommitDate: 2023-01-05 06:18:09 +0000
>
> pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.
>
> The intention of /etc/passwd was to support legacy applications that are
> not yet converted to use modern API like getpwent(3). Comments are not
> defined in the legacy format, so copying them could break these
> applications. Plus, it could leak sensitive information (e.g. encrypted
> form of password of an user that was commented out instead of deleted
> or disabled).

This broke usr.sbin/etcupdate/tests/preworld_test.sh.

Jess

> PR: bin/144652
> MFC after: 1 month
> ---
> usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
>
> diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
> index 6297bcb461db..261e7951a126 100644
> --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
> +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
> @@ -462,11 +462,14 @@ main(int argc, char *argv[])
> error("put");
> }
> }
> - /* Create original format password file entry */
> - if (is_comment && makeold){ /* copy comments */
> - if (fprintf(oldfp, "%s\n", line) < 0)
> - error("write old");
> - } else if (makeold) {
> + /*
> + * Create original style password file entry.
> + *
> + * Don't copy comments since this could reveal encrypted
> + * passwords if entries have been simply commented out
> + * in master.passwd.
> + */
> + if (makeold && !is_comment) {
> char uidstr[20];
> char gidstr[20];
>
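Review bot: The new condition `if (makeold && !is_comment)` in the hunk at @@ -462,11 +462,14 @@ changes the contents of the generated /etc/passwd for every master.passwd that carries comment lines, but the diffstat shows only pwd_mkdb.c touched, so nothing that depends on the old output was updated with it. Any consumer that compares the generated file against an expected copy containing comments will now see a difference, which is consistent with the reported breakage of usr.sbin/etcupdate/tests/preworld_test.sh. Suggest landing the adjusted test expectations in the same change, and noting in pwd_mkdb(8) that comments are no longer carried over, since the behaviour change is user-visible and the only record of it here is the code comment.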
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?A7AA914C-DD9C-49C2-8129-3F2E0B767896>