From owner-freebsd-bugs@FreeBSD.ORG Thu May 1 18:00:25 2003
Date: Thu, 1 May 2003 18:00:25 -0700 (PDT)
Message-Id: <200305020100.h4210P8R063964@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: "Dorr H. Clark"
Subject: fix proposed Re: misc/43674: Able to bypass expired password
Reply-To: "Dorr H. Clark"

The following reply was made to PR misc/43674; it has been noted by GNATS.

From: "Dorr H. Clark"
To: freebsd-gnats-submit@FreeBSD.org, crawford.jeffrey.eugene@bigfoot.com
Cc:
Subject: fix proposed Re: misc/43674: Able to bypass expired password
Date: Thu, 01 May 2003 17:57:12 -0700

The problem in 43674 occurs because the implementation presumes the cooperation of the user, which is normally a sub-optimal strategy for system security. If the user chooses not to cooperate, login is not aware.

Our proposed fix checks whether the user has actually made the requested password change before proceeding. If they attempt the ^C exploit listed in 43674, they are prompted again.

NOTE: This patch is compatible with 4.7-STABLE !

--- /usr/src/usr.bin/login/login.c Wed Mar 13 10:45:33 2002 +++ login.c Mon Apr 28 20:45:24 2003 @@ -704,12 +704,15 @@ (void)signal(SIGQUIT, SIG_DFL); (void)signal(SIGINT, SIG_DFL); (void)signal(SIGTSTP, SIG_IGN); - - if (changepass) { + while (changepass) { if (system(_PATH_CHPASS) != 0) sleepexit(1); + pwd = getpwnam(username); + if(!pwd->pw_change) + changepass = 0; + else + printf("\nSorry!Your password is expired.You have to enter a new password.\n\n"); } - /* * Login shells have a leading '-' in front of argv[0] */

Kuang-Wu "Kerwin" Hsu, engineer
Dorr H. Clark, advisor
COEN 284 - Operating Systems Case Study
Santa Clara University, Santa Clara CA.
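
Review bot: the result of getpwnam(username) in the new loop body is dereferenced on the very next line, "if(!pwd->pw_change)", with no NULL check, so a failed lookup after chpass returns would crash login at exactly the point where it is enforcing the password change. Test for pwd == NULL and call sleepexit(1), as the system() failure path in the same loop already does. The loop also ends only when pw_change is exactly 0; if a successful password change leaves a non-zero change time in the future, the user would be reprompted without end, so comparing pw_change against the current time would be the more robust exit condition. Minor: the printf string is missing spaces after "Sorry!" and "expired.", "if(" lacks the space used by the other statements in the hunk, and the removal of the blank lines around the block is unrelated whitespace change.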