Package: debconf-utils
Version: 1.5.49
Severity: important
Tags: patch
User: debian-...@lists.debian.org
Usertags: debian-edu
We recently discovered a problem with the Wheezy version of Debian Edu we are working on. The clear text password of root and the first user would show up in /var/cache/debconf/templates.dat and /var/cache/debconf/templates.dat-old, even if we had code in our installation hooks to remove the passwords from debconf once they had been used to set up Kerberos and LDAP.

I traced it down to our use of debconf-set-selections to pass the passwords into the debconf database in /target/, and the code that looks like this:

  sub load_answer {
      my ($owner, $label, $type, $content) = @_;
      info "Loading answer for '$label'";
      my $template=Debconf::Template->get($label);
      if (! $template) {
          $template=Debconf::Template->new($label, $owner, $type);
          $template->description("Dummy template");
          $template->extended_description("This is a fake template used to pre-seed the debconf database. If you are seeing this, something is probably wrong.");
      }
      else {
          $template->default($content);
      }
      [...]
      $question->value($content);
      [...]
  }

When using debconf-set-selections to set a password in a template that is already loaded, the $template->default() code path is used, and this in turn causes a 'Default: clear-text-password' to show up in templates.dat. The clear-text-password string is also added as a value that shows up in passwords.dat. When we clear the password later in the installation using

  db_set debian-edu-config/kdc-password ""

this only clears the value in passwords.dat, but not the one in templates.dat - causing the clear text password to be available after installation. This is a security problem.

I am unable to understand why the default value is updated by debconf-set-selections, but believe it is a bad idea to do so for templates with the password type. Because of this, I propose the following patch:

Index: debconf-set-selections
===================================================================
--- debconf-set-selections (revisjon 77643)
+++ debconf-set-selections (arbeidskopi)
@@ -51,7 +51,9 @@ $template->extended_description("This is a fake template used to pre-seed the debconf database. If you are seeing this, something is probably wrong."); } else { - $template->default($content); + if ("password" ne $type) { + $template->default($content); + } } $template->type($type);

This fixed the problem for Debian Edu. Luckily we already had our own version of debconf-set-selections, so we could fix the problem on our end, but I believe the problem should be fixed for everyone using debconf-set-selections to store passwords. :)

-- 
Happy hacking
Petter Reinholdtsen
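Review bot: the guard added at `+ if ("password" ne $type) {` stops a new Default: line from being written for password templates, but it does nothing for a Default: value that an earlier preseed run already recorded in templates.dat (or in the templates.dat-old backup the report mentions); systems installed before the fix still need that stale default cleared separately, and the bug closure or changelog should say so. Note also that the check keys off the `$type` given on the selections line, which `$template->type($type);` then writes into the template, so a selection that declares a non-password type for a template that debconf already holds as a password will still set the default. Minor style point: `$type ne "password"` is the more usual Perl ordering than putting the literal first.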
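To check an installed system for the leak the report describes, the following scanner reads a templates.dat-style file and reports every Type: password template that still carries a non-empty Default: line. It is an added example, not code from the bug report or from debconf itself; it assumes the Name:/Type:/Default: field layout of debconf's cache files, and the stanzas it ships with are constructed sample data (template names and values are made up).

```python
"""Scan a debconf templates.dat-style file for password templates that still
carry a non-empty Default: line (added example; not part of the bug report)."""

import sys

# Sample stanzas in the layout of /var/cache/debconf/templates.dat.
# Constructed for this example: the names and the default value are made up.
SAMPLE_TEMPLATES_DAT = """\
Name: debian-edu-config/kdc-password
Type: password
Default: hunter2-example
Owners: debian-edu-config
Description: Dummy template
Extended_description: This is a fake template used to pre-seed the debconf
 database. If you are seeing this, something is probably wrong.

Name: debian-edu-config/root-password
Type: password
Owners: debian-edu-config
Description: Dummy template

Name: debian-edu-config/hostname
Type: string
Default: tjener
Owners: debian-edu-config
Description: Host name
"""


def parse_stanzas(text):
    """Split an RFC822-like debconf cache file into a list of dicts.

    Stanzas are separated by blank lines; a field is "Key: value" and a
    continuation line starts with a single space (" ." marks a paragraph
    break). Every field is kept, but only Name/Type/Default matter here.
    """
    stanzas = []
    current = {}
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current, last_key = {}, None
            continue
        if line.startswith(" ") and last_key is not None:
            # continuation of the previous field
            current[last_key] += "\n" + line[1:]
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # malformed line: skip it rather than guess
        last_key = key.strip()
        current[last_key] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def leaked_password_defaults(text):
    """Return the names of Type: password templates whose Default: is non-empty.

    These are the stanzas the default-setting code path in debconf-set-selections
    produces when a password is preseeded into an already loaded template; a later
    db_set with an empty value clears passwords.dat but leaves this line behind.
    Only template names are returned so the secret itself is never echoed.
    """
    return [
        stanza["Name"]
        for stanza in parse_stanzas(text)
        if stanza.get("Type", "").lower() == "password"
        and stanza.get("Default", "") != ""
    ]


if __name__ == "__main__":
    # Usage: python3 check_templates.py /var/cache/debconf/templates.dat \
    #            /var/cache/debconf/templates.dat-old
    paths = sys.argv[1:]
    if not paths:
        print(leaked_password_defaults(SAMPLE_TEMPLATES_DAT))
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for name in leaked_password_defaults(fh.read()):
                print(f"{path}: password template {name} still has a Default: value")
```

Run it against both templates.dat and templates.dat-old, since the report notes the backup copy keeps the leaked line as well; an empty result for both files is the condition to expect once the stale defaults have been cleared.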