Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 7 Sep 1996 09:42:55 +0200 (MET DST)
From:      J Wunsch <j@uriah.heep.sax.de>
To:        freebsd-hackers@freebsd.org (FreeBSD hackers)
Cc:        kallio@cc.jyu.fi (Seppo Kallio), wosch@cs.tu-berlin.de (Wolfram Schneider)
Subject:   Re: SECURITY HOLE in FreeBSD 2.1.5 ????????!!!!!!!
Message-ID:  <199609070742.JAA08466@uriah.heep.sax.de>
In-Reply-To: <Pine.SOL.3.92.960907091945.28337C-100000@kanto.cc.jyu.fi> from Seppo Kallio at "Sep 7, 96 09:31:39 am"

next in thread | previous in thread | raw e-mail | index | archive | help
Never post to both, -hackers and -current.  Never.  Almost all people
on -current are also subscribed on -hackers, and those who aren't
aren't interested in the other stuff at all.

Don't post security holes to -hackers or -current.  Post them to
-security, to -core, or to security-officer@freebsd.org.

As Seppo Kallio wrote:
> 
> I think pwd_mkdb is making a temporaly file /etc/master.passwd.orig with
> read permissions to all.

It indeed creates this file, but you should have UTSL'ed before.  It
is deliberately created with ``insecure'' permissions, and it is the
new copy of /etc/passwd if the -p option has been specified.  Thus, it
doesn't contain passwords.
> We cannot add users to the system when someone is using passwd command.
> It is really big problem in a node having 4000 accounts when we try to add
> 1000 account now when new students come in start of September.
> Passwd command should not lock the passwd files for the entire time after
> user type passwd to the time he/she succeeds to type his/hers new passwd!

Of course, the passwd command *should* lock the master password file
while modifications are in progress.  However, you are perhaps
interested in Guido's ``incremental update'' modifications:

revision 1.11
date: 1996/07/01 19:38:27;  author: guido;  state: Exp;  lines: +218 -133
Implement incremental passwd database updates. This is done by ading a '-u'
option to pwd_mkdb and adding this option to utilities invoking it.
Further, the filling of both the secure and insecure databases has been
merged into one loop giving also a performance improvemnet.
Note that I did *not* change the adduser command. I don't read perl
(it is a write only language anyway).
The change will drastically improve performance for passwd and
friends with large passwd files. Vipw's performance won't change.
In order to do that some kind of diff should be made between the
old and new master.passwd and depending the amount of changes, an
incremental or complete update of the databases should be agreed
upon.


Btw., i found a real security hole while browsing through the sources:
adduser backs up the contents of master.passwd into a world readable
file in case pwd_mkdb(8) returned an error.  Wolfram, can you fix this
please (by setting umask(066) first, i think)?

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199609070742.JAA08466>