On Tuesday 03 July 2007 08:11:42 Denis Vlasenko wrote:
> On Tuesday 03 July 2007 00:08, Tito wrote:
> > Hi,
> > I noticed that our password checking routine in correct_password.c
> > behaves differently than real login app.
> > In case that support for shadow passwords is enabled and
> > /etc/shadow is missing it complains with an error message:
> >
> > "no valid shadow password, checking ordinary one"
> >
> > thus disclosing information about the state of the system.
> > I think it should instead fake an incorrect login.
> > A patch is attached, comments and critics are welcome.
>
> With this patch, you *require* admin to keep passwords in /etc/shadow.
Why?
+ if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*'))
+ correct = (getspnam_r(pw->pw_name, &spw, buffer,
sizeof(buffer), &result)) ? "aa" : spw.sp_pwdp;
It's the admin himself that is saying through 'x' or '*' that he wants to use
shadow passwords.
If you put a real password in pw->pw_passwd this code is not executed.
> I prefer when admin *has an option* to have /etc/shadow,
> but [s]he can still have them in /etc/passwd instead.
>
> I will do this:
>
> #if ENABLE_FEATURE_SHADOWPASSWDS
> if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
Adding &&!correct[1] to the check is a good idea, we should do it indipendently
of this issue.
> if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer),
> &result) == 0)
> correct = spw.sp_pwdp;
> /* else: no valid shadow password, checking ordinary one */
> }
> #endif
>
> Is it ok with you?
> --
> vda
>
In this way if getspnam_r fails correct will be "x" or "*" and man page says:
salt is a two-character string chosen from the set [a–zA–Z0–9./]. This
string is used to perturb the algorithm in one of 4096 different ways.
Think this was the reason we used correct = "aa"?
Ciao,
Tito
_______________________________________________
busybox mailing list
[email protected]
http://busybox.net/cgi-bin/mailman/listinfo/busybox
