From: Support
To: security@freebsd.org
Cc: isp@freebsd.org
Date: Mon, 2 Jun 2003 07:04:09 -0400 (EDT)
Message-ID: <20030602065847.G76644@alice.netmint.com>
Subject: quick poppassd question

Hello,

I did a quick change to the patched port of poppassd and am wondering if you think my code would introduce any potential problems. The idea is, right after we check if the username exists, to also check if the UID of that username is over 1000. I wanted to make sure that no one monkeys around with privileged users once poppassd is running. So, the middle chunk of code is mine, everything else has been there before me.

What's the general feeling about the security of poppassd provided that users with valid passwords already have shell access to the system, and now nobody can try to change privileged accounts' passwords?

--- cut ---
    /* Reject names that are not in the password database. */
    if ((pw = getpwnam (user)) == NULL)
    {
        syslog (LOG_ERR, "Unknown user, %s", user);
        sleep (5);
        WriteToClient ("500 Old password is incorrect.");
        exit(1);
    }

    /* begin added code */
    /* Reject accounts with UID 1000 or lower; the client gets the same
       reply as for a wrong password. */
    if ((pw->pw_uid) < 1001)
    {
        syslog (LOG_ERR, "Privileged user, %s", user);
        sleep (5);
        WriteToClient ("500 Old password is incorrect.");
        exit(1);
    }
    /* end added code */

    /* Verify the old password before allowing the change. */
    if (chkPass (user, oldpass, pw) == FAILURE)
    {
        syslog (LOG_ERR, "Incorrect password from %s", user);
        sleep (5);
        WriteToClient ("500 Old password is incorrect.");
        exit(1);
    }
--- cut ---

Perhaps if this passes everyone's scrutiny, it could be added as yet another patch to poppassd with the min UID defined somewhere in the Makefile or poppassd.c.

Thanks for your help,
Andrew
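
An added example, not part of the original message or of poppassd: the same gate written as a stand-alone C function with the minimum UID as a compile-time define, as the message suggests. The macro names, the enum and the upper bound (which keeps high-numbered system accounts such as nobody, UID 65534, out of range) are assumptions made for illustration.

```c
/* Added example: account-eligibility gate for a password-change daemon.
 * POPPASSD_MIN_UID / POPPASSD_MAX_UID are hypothetical names, not poppassd's. */
#include <pwd.h>
#include <stdio.h>

#ifndef POPPASSD_MIN_UID            /* override: cc -DPOPPASSD_MIN_UID=1001 */
#define POPPASSD_MIN_UID 1001       /* same threshold as the posted check */
#endif
#ifndef POPPASSD_MAX_UID            /* assumption added here: also exclude */
#define POPPASSD_MAX_UID 65533      /* high system UIDs such as nobody */
#endif

enum gate { GATE_OK, GATE_UNKNOWN, GATE_PRIVILEGED };

/* pw is the result of getpwnam(); NULL means the user does not exist. */
enum gate check_account(const struct passwd *pw)
{
    if (pw == NULL)
        return GATE_UNKNOWN;
    long uid = (long)pw->pw_uid;    /* a wrapped value goes negative: rejected */
    if (uid < POPPASSD_MIN_UID || uid > POPPASSD_MAX_UID)
        return GATE_PRIVILEGED;
    return GATE_OK;
}

/* Reason string for the local syslog entry only. */
const char *gate_log_reason(enum gate g)
{
    switch (g) {
    case GATE_UNKNOWN:    return "Unknown user";
    case GATE_PRIVILEGED: return "Privileged user";
    default:              return "Eligible user";
    }
}

/* Every rejection maps to one reply, so the client cannot tell why it failed. */
const char *gate_client_reply(enum gate g)
{
    return g == GATE_OK ? NULL : "500 Old password is incorrect.";
}

int main(void)
{
    struct passwd root = {0}, alice = {0};   /* constructed sample entries */
    alice.pw_uid = 1001;
    printf("root: %s\nalice: %s\n", gate_log_reason(check_account(&root)),
           gate_log_reason(check_account(&alice)));
    return 0;
}
```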