From owner-freebsd-security Mon Sep 16 10:27:35 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id KAA19562 for security-outgoing; Mon, 16 Sep 1996 10:27:35 -0700 (PDT)
Received: from passer.osg.gov.bc.ca (passer.osg.gov.bc.ca [142.32.110.29]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id KAA19556 for ; Mon, 16 Sep 1996 10:27:33 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by passer.osg.gov.bc.ca (8.7.5/8.6.10) with SMTP id KAA27232; Mon, 16 Sep 1996 10:27:27 -0700 (PDT)
From: Cy Schubert - ITSD Open Systems Group
Message-Id: <199609161727.KAA27232@passer.osg.gov.bc.ca>
X-Authentication-Warning: passer.osg.gov.bc.ca: Host localhost [127.0.0.1] didn't use HELO protocol
Reply-to: cschuber@orca.gov.bc.ca
X-Mailer: DXmail
To: freebsd-security@freebsd.org
cc: cy@passer.osg.gov.bc.ca
Subject: Vipw/pwd_mkdb Bug (?)
Date: Mon, 16 Sep 96 10:27:27 -0700
X-Mts: smtp
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I had the opportunity to upgrade from 2.1R to 2.1.5 and have found a rather interesting bug in vipw and pwd_mkdb. My environment consists of two machines in an NIS domain. (NIS security is not an issue since these machines are not connected to the Internet except for an hour or two a day via a dialup line with kernel firewalling enabled.)

Everything worked fine until I did a vipw. After that no NIS users could log in on the machine on which the vipw was performed. When I restored, from backup, master.passwd, passwd, spwd.db, and pwd.db, NIS users could once again log in. I subsequently tried pwd_mkdb from 2.1R on the 2.1.5 system and NIS users could still log in. (I assume the 2.1R version of vipw would have worked as well.) I then compiled pwd_mkdb.c with the 2.1 version of pwd.h. NIS users could still log in. I tried the -current version of pwd_mkdb and NIS users could not log in.

I noticed that ls and ps worked while login and su did not for NIS users, so the problem appears to be related to getpwnam(2). I started to look at the differences between the 2.1R and the 2.1.5 version of pwd_mkdb and after a little bit of hacking I've managed to isolate the problem, though I cannot explain why it works. Since I don't have the source here with me I'll try to explain the problem from memory.

Pwd_mkdb appears to have been changed to replace the "pluscnt" and "minuscnt" variables with a "ypcnt" variable. Adding some code to pwd_mkdb to write ypcnt to the database with the same key as the old _PW_KEYYPPLUSCNT key used in the 2.1R pwd_mkdb appears to have fixed the problem; however, I don't fully understand why, since getpwnam(2) doesn't appear to reference that key.

In short, with the new pwd_mkdb and vipw, the "+" is not handled properly since the count of lines containing "+" or "-" is not written to the database, or getpwnam(2) is using this information and I cannot see it.

Any ideas?

Regards,

Phone: (604)389-3827            Cy Schubert
OV/VM: BCSC02(CSCHUBER)         Open Systems Support
BITNET: CSCHUBER@BCSC02.BITNET  ITSD
Internet: cschuber@uumail.gov.bc.ca
          cschuber@bcsc02.gov.bc.ca

"Quit spooling around, JES do it."
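The following is an added illustration of the mechanism the message describes, written for this archive page; it is not FreeBSD's pwd_mkdb or libc code. It models the two pieces Cy identifies: pwd_mkdb counting the NIS compat lines ("+..." and "-...") in master.passwd into a "ypcnt" value, and a lookup that consults NIS only when the recorded count is nonzero. That second part is the hypothesis from the message, not verified libc behaviour, and the master.passwd content, the user names and the function names are all constructed for the example. Running it shows why a database with the count missing (treated here as zero) resolves a purely NIS-defined user as "not found" while local users still work, which matches the reported symptom.

```c
/* Added example (not FreeBSD's pwd_mkdb/libc): model of the ypcnt mechanism
 * described in the message. All data below is constructed. */
#include <stdio.h>
#include <string.h>

/* Constructed master.passwd-style content: two local users plus three NIS
 * compat lines ("-user", "+@netgroup", "+"). Field layout as in master.passwd(5):
 * name:password:uid:gid:class:change:expire:gecos:home:shell */
static const char *SAMPLE_MASTER_PASSWD =
    "root:*:0:0::0:0:Charlie &:/root:/bin/csh\n"
    "cy:*:1001:1001::0:0:Cy Schubert:/home/cy:/bin/csh\n"
    "-guest:*:::::::::\n"
    "+@sysadmins:*:::::::::\n"
    "+:*:::::::::\n";

typedef enum { PW_LOCAL, PW_NIS_FALLTHROUGH, PW_NOT_FOUND } pw_result;

/* Count lines whose first character is '+' or '-': the "ypcnt" value the
 * message says the fixed pwd_mkdb writes back under the old _PW_KEYYPPLUSCNT key. */
int count_yp_entries(const char *text)
{
    int n = 0;
    const char *p = text;
    while (*p) {
        if (*p == '+' || *p == '-')
            n++;
        const char *nl = strchr(p, '\n');
        if (!nl)
            break;
        p = nl + 1;
    }
    return n;
}

/* Return 1 if a non-compat line whose first field equals name exists. */
int local_entry_exists(const char *text, const char *name)
{
    size_t len = strlen(name);
    const char *p = text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t linelen = nl ? (size_t)(nl - p) : strlen(p);
        if (*p != '+' && *p != '-' && linelen > len &&
            strncmp(p, name, len) == 0 && p[len] == ':')
            return 1;
        if (!nl)
            break;
        p = nl + 1;
    }
    return 0;
}

/* Hypothetical compat-mode lookup: a local entry wins outright; otherwise NIS
 * is consulted only if the database recorded at least one compat line.
 * A database built without the count behaves as if ypcnt_in_db were 0. */
pw_result resolve_user(const char *text, const char *name, int ypcnt_in_db)
{
    if (local_entry_exists(text, name))
        return PW_LOCAL;
    if (ypcnt_in_db > 0)
        return PW_NIS_FALLTHROUGH;
    return PW_NOT_FOUND;
}

int main(void)
{
    int recorded = count_yp_entries(SAMPLE_MASTER_PASSWD); /* fixed pwd_mkdb */
    int missing = 0;                                        /* count never written */

    printf("ypcnt=%d: nisuser -> %d (1 = fall through to NIS)\n",
           recorded, resolve_user(SAMPLE_MASTER_PASSWD, "nisuser", recorded));
    printf("ypcnt=%d: nisuser -> %d (2 = not found: the reported symptom)\n",
           missing, resolve_user(SAMPLE_MASTER_PASSWD, "nisuser", missing));
    printf("ypcnt=%d: cy -> %d (0 = local entry, unaffected)\n",
           missing, resolve_user(SAMPLE_MASTER_PASSWD, "cy", missing));
    return 0;
}
```

A practitioner checking a system for this condition would compare the compat-line count in master.passwd against what the rebuilt database actually contains; in the model above that is the difference between `recorded` and `missing`, and it is exactly the gap the message's workaround closes by writing ypcnt back to the database.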