Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 17 Nov 1998 21:58:15 +0100 (CET)
From:      Mikael Karpberg <karpen@ocean.campus.luth.se>
To:        wam@sa.fedex.com (William McVey)
Cc:        hackers@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure?
Message-ID:  <199811172058.VAA02065@ocean.campus.luth.se>
In-Reply-To: <199811161838.MAA25024@s07.sa.fedex.com> from William McVey at "Nov 16, 98 12:38:11 pm"
next in thread | previous in thread | raw e-mail | index | archive | help 

According to William McVey:
> I'm in favor of the proposed change to allow some group (for discussion
> sake, lets call it group 'shadow') read permission to the shadow file.

Umm... I have seen no one in this discussion mention this, so I'll say it,
after repeating what someone DID say "Small well audited setuid programs
are not a problem". Now... Here's my suggestion, my_xlock.c:

int main() {
  char *str;
  FILE *f;
  int done = 0;
  lock_screen();
  while (!done) {
    str = wait_for_passwd();
    f = popen("/usr/bin/check_pw", "w");
    fprintf(f, "%d %s\n", getuid(), str);
    fflush(f);
    if (!pclose(f)) {
      unlock_screen();
      done = 1;
    } else {
      print_errror("Wrong password");
    }
  }
  return 0;
}

Seems simple enough to me, and could be used from scripts and everything.
All you need is a small util (/usr/bin/check_pw) that is setuid root.
I can't see a security problem with this, at all. Failed logins could
be logged also, if that's a concern. All it has to do is something like:

int main() {
  char buffer[100];
  struct passwd *pw;
  uind_t uid;
  char *str;
  char *setting;
  fgets(buffer, sizeof buffer, stdin);
  if (isdigit(buffer[0])) {
    uid = strtol(buffer, &str, 0);
    if (!*str)
      exit(1);
    pw = getpwuid(uid);
  } else {
    while (!isspace(*str))
      str++;
    if (!*str)
      exit(1);
    *str = '\0';
    pw = getpwnam(buffer);
  }
  str++;
  setting = get_setting_and_move_str(&str);
  if (strcmp(pw->pw_passwd, crypt(str, setting)) == 0)
    return 0;
  return 1;
}

I'm sure there are minor or even major mistakes in the programs above, but
I think everyone should get the idea, if the problems are just syntax errors,
and such. The check_pw program should be small enough to be quite possible to
do as close to 100% bug free as one can hope to get.

  /Mikael

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199811172058.VAA02065>