Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 22 Jun 1998 16:57:37 +0300 (EEST)
From:      Alexander Matey <lx@hosix.ntu-kpi.kiev.ua>
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/7019: pwd.db almost always contains /etc/shells
Message-ID:  <199806221357.QAA13790@lx.hosix.ntu-kpi.kiev.ua>
next in thread | raw e-mail | index | archive | help 

>Number:         7019
>Category:       bin
>Synopsis:       pwd.db almost always contains /etc/shells
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 22 07:00:00 PDT 1998
>Last-Modified:
>Originator:     Alexander Matey
>Organization:
National Technical University of Ukraine /KPI/
>Release:        FreeBSD 2.2.6-STABLE i386
>Environment:

FreeBSD lx.hosix.ntu-kpi.kiev.ua 2.2.6-STABLE FreeBSD 2.2.6-STABLE #0: Thu Jun 1
8 13:23:15 EEST 1998     root@lx.hosix.ntu-kpi.kiev.ua:/usr/src/sys/compile/LX
i386

lx#lx[v2]/usr/src/usr.sbin/pwd_mkdb>ident pwd_mkdb.c
pwd_mkdb.c:
     $Id: pwd_mkdb.c,v 1.15.2.7 1998/02/19 08:10:31 guido Exp $

>Description:

	pwd.db created by pwd_mkdb almost always contains the whole or the part of /etc/shells. It's usually ok unless pwd.db is going to be placed in ftp_root:/etc. It seems that calls to (dp->put)(dp, &key, &data, method) in pwd_mkdb.c while writing legal pwd records to hash database get memory malloced in /usr/src/lib/libc/gen/getusershell.c: initshells() in some manner written too. This memory is malloced in the call to setusershell() in /usr/src/usr.sbin/pwd_mkdb/pw_scan.c while checking the shell entry of the user "root".

>How-To-Repeat:

	# cat > master.passwd
	root:*:0:0::0:0::/nowhere:/nowhere
	ftpown:*:101:101::0:0::/nowhere:/nowhere
	^D
	# pwd_mkdb -d . master.passwd
	pwd_mkdb: warning, unknown root shell
	# strings pwd.db | more

>Fix:
	
	1) rename /etc/shells while building pwd.db for ftp_root:/etc
	2) do not include "root" user in master.passwd
	3) set username with uid 0 to "Root" :-) in master.passwd
	3) use native ftpd built with -DINTERNAL_LS
	4) do not put pwd.db in ftp_root:/etc at all - let ftp_root:/bin/ls produce numeric uids.
	5) fix pwd_mkdb to prevent such behavior
 
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199806221357.QAA13790>