From owner-freebsd-security Tue Mar 12 6: 2:48 2002 Delivered-To: freebsd-security@freebsd.org Received: from host-212-42.tele2.pl (host-212-42.tele2.pl [213.173.212.42]) by hub.freebsd.org (Postfix) with ESMTP id E4AF637B400; Tue, 12 Mar 2002 06:02:28 -0800 (PST) Received: from localhost (irys@localhost) by host-212-42.tele2.pl (8.11.6/8.11.4) with ESMTP id g2CE2Rt25983; Tue, 12 Mar 2002 15:02:27 +0100 Date: Tue, 12 Mar 2002 15:02:26 +0100 (CET) From: Parys To: freebsd-bugs@FreeBSD.org Cc: freebsd-security@FreeBSD.org Subject: Re: i386/35816: no one can change password, because "passwd DB is locked" Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org my comment fot these: http://www.freebsd.org/cgi/query-pr.cgi?pr=35816 at bottom, below quote: --- cut --- no one can change password, because "passwd DB is locked" Confidential no Severity serious Priority medium Responsible freebsd-bugs@FreeBSD.org State closed Class sw-bug Submitter-Id current-users Arrival-Date Tue Mar 12 03:10:01 PST 2002 Closed-Date Tue Mar 12 03:43:52 PST 2002 Last-Modified Tue Mar 12 03:43:52 PST 2002 Originator Slawomir Parysek Release 4.5-RELEASE Organization ArgNet Environment FreeBSD my.host.name.com.pl 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 murray@builder.freebsdmall.com:/usr/src/sys/compile/GENERIC i386 Description When one (malicious) user edit his own passwd database (via $ chpass command), no one can change password, because "passwd DB is locked". Also root cant't change any information in passwd database, eg add/delete It is very importand problem especialy on systems whih acts as shell box (TM.). How-To-Repeat how to repeat, huh, thats simple: log in into accont and leave an running "chpass" command on screen and log out, huh noone can change his/her passd and/or any other info by editing /etc/passwd* etc Fix how to fix it? hmm... block acces to command chpass for all suspicous users ;-P Audit-Trail State-Changed-From-To: open->closed State-Changed-By: billf State-Changed-When: Tue Mar 12 03:41:48 PST 2002 State-Changed-Why: this is not a bug. root can find the process that is holding the lock on the password database and kill both it and the user holding it. http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35816 --- /cut --- Hi all. I affraid it can be big problem. I know, it's obvious, root can kill both user and process that is holding the lock on passwd database, but it may be problemous to monitor and/or kill all users(who play a joke) and his processes, especialy on productional system where all tenths/hundreds users pay $ for his accounts and, where lot of real users heave access to one account, and some users are careless for his doings. The siple way to prevent such incident is build an shell-based or perl script and run it periodicaly from crontab or run it in daemon-like mode(loop), script which take care on passswd database of course and some usrers which can lock it, or whatever. I think (if I can ever think ;o) that better way is to fix this problem in "chpass" binary file or whatever. thank's a lot for attention best regards Parys irys@irc.pl ps: sorry for my bad english knowledge To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message