Date: Mon, 22 Jun 1998 16:57:37 +0300 (EEST) From: Alexander Matey <lx@hosix.ntu-kpi.kiev.ua> To: FreeBSD-gnats-submit@FreeBSD.ORG Subject: bin/7019: pwd.db almost always contains /etc/shells Message-ID: <199806221357.QAA13790@lx.hosix.ntu-kpi.kiev.ua>
next in thread | raw e-mail | index | archive | help
>Number: 7019 >Category: bin >Synopsis: pwd.db almost always contains /etc/shells >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Jun 22 07:00:00 PDT 1998 >Last-Modified: >Originator: Alexander Matey >Organization: National Technical University of Ukraine /KPI/ >Release: FreeBSD 2.2.6-STABLE i386 >Environment: FreeBSD lx.hosix.ntu-kpi.kiev.ua 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Thu Jun 1 8 13:23:15 EEST 1998 root@lx.hosix.ntu-kpi.kiev.ua:/usr/src/sys/compile/LX i386 lx#lx[v2]/usr/src/usr.sbin/pwd_mkdb>ident pwd_mkdb.c pwd_mkdb.c: $Id: pwd_mkdb.c,v 1.15.2.7 1998/02/19 08:10:31 guido Exp $ >Description: pwd.db created by pwd_mkdb almost always contains the whole or the part of /etc/shells. It's usually ok unless pwd.db is going to be placed in ftp_root:/etc. It seems that calls to (dp->put)(dp, &key, &data, method) in pwd_mkdb.c while writing legal pwd records to hash database get memory malloced in /usr/src/lib/libc/gen/getusershell.c: initshells() in some manner written too. This memory is malloced in the call to setusershell() in /usr/src/usr.sbin/pwd_mkdb/pw_scan.c while checking the shell entry of the user "root". >How-To-Repeat: # cat > master.passwd root:*:0:0::0:0::/nowhere:/nowhere ftpown:*:101:101::0:0::/nowhere:/nowhere ^D # pwd_mkdb -d . master.passwd pwd_mkdb: warning, unknown root shell # strings pwd.db | more >Fix: 1) rename /etc/shells while building pwd.db for ftp_root:/etc 2) do not include "root" user in master.passwd 3) set username with uid 0 to "Root" :-) in master.passwd 3) use native ftpd built with -DINTERNAL_LS 4) do not put pwd.db in ftp_root:/etc at all - let ftp_root:/bin/ls produce numeric uids. 5) fix pwd_mkdb to prevent such behavior >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806221357.QAA13790>