Date: Mon, 14 Apr 1997 12:32:29 +0200 From: Martin Kammerhofer <dada@freepass.tu-graz.ac.at> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/3289: login(1) does not check /etc/skey.access when doing local logins Message-ID: <199704141032.MAA13940@freepass.tu-graz.ac.at> Resent-Message-ID: <199704141040.DAA02797@freefall.freebsd.org>
index | next in thread | raw e-mail
>Number: 3289
>Category: bin
>Synopsis: login(1) does not check /etc/skey.access when doing local logins
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 14 03:40:43 PDT 1997
>Last-Modified:
>Originator: Martin Kammerhofer
>Organization:
Graz University of Technology
>Release: FreeBSD 2.2.1-RELEASE i386
>Environment:
2.2.1 system with SKEY
File /etc/skey.access containing one line (follows here):
permit internet 127.0.0.1 255.255.255.255
>Description:
local logins are possible from ttyv? (i.e. console) only,
BUT according to skey.access ALL LOCAL logins should be allowed
with UNIX passwords.
>How-To-Repeat:
Install the above quoted line in file /etc/skey.access
and try from any non-console terminal /usr/bin/login
(The login binary must be compiled with SKEY).
E.g. try "xterm -e login".
>Fix:
Apply the following patch to login.c, note that this makes login(1)
assume any invocation without option ´-h <host>´ is from ´localhost´
when login(1) decides wether to permit UNIX-passwords.
AFAIK this assumption is valid.
--- login.c~ Tue Apr 8 23:58:54 1997
+++ login.c Wed Apr 9 01:05:30 1997
@@ -282,7 +282,7 @@
#ifdef SKEY
permit_passwd = skeyaccess(username, tty,
- hostname ? full_hostname : NULL,
+ hostname ? full_hostname : "localhost",
NULL);
p = skey_getpass("Password:", pwd, permit_passwd);
ep = skey_crypt(p, salt, pwd, permit_passwd);
>Audit-Trail:
>Unformatted:
home |
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704141032.MAA13940>