chsh overwrites encrypted password
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
eglibc (Ubuntu) | Fix Released | Medium | Kees Cook | |
Lucid | Fix Released | Medium | Kees Cook | |

Bug Description
My patch for the NIS shadow password security vulnerability introduced a new bug.
One of my NIS users informed me
that she could not log in any more after she had used chsh to change her
login shell. The reason was that in the shadow file, the encrypted
password had been replaced by an 'x'. This happens because in my
patch, file nis-pwd.c, the string "##<username>" is replaced with "x".
I thought that this replacement is necessary to let libc6 search for
the encrypted password in the shadow map. But now I found out that it
is not necessary and that without it everything works fine: logging in,
changing password and changing the shell.
I have attached a new patch that simply lets the password field of the
passwd.byname map alone.
ProblemType: Bug
Architecture: amd64
Date: Tue Feb 23 16:17:28 2010
Dependencies:
libgcc1 1:4.2.4-1ubuntu3
gcc-4.2-base 4.2.4-1ubuntu3
libc6 2.7-10ubuntu5
DistroRelease: Ubuntu 8.04
Package: libc6 2.7-10ubuntu5
PackageArchitec
ProcEnviron:
SHELL=/bin/tcsh
PATH=/
LANG=en_US.UTF-8
SourcePackage: glibc
Uname: Linux 2.6.24-24-generic x86_64
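
A check an administrator could run to find accounts hit by the symptom described above, as an added example that is not part of the original report or of glibc. The function names and the sample entries are constructed for illustration, and flagging a leftover "##<username>" value in shadow data is an extra assumption beyond the 'x' case the reporter saw.

```shell
#!/bin/sh
# Classify the password field of shadow-format lines read from stdin.
# Prints "user:STATE" for each entry, where STATE is one of:
#   clobbered - field is literally "x" (the symptom in this report)
#   marker    - field is "##<username>" (assumed: placeholder leaked into shadow)
#   locked    - field starts with "!" or "*"
#   empty     - no password set
#   hash      - anything else, treated as a real password hash
classify_shadow() {
    awk -F: '
        /^[[:space:]]*(#|$)/ { next }      # skip comment and blank lines
        NF < 2 { print $1 ":malformed"; next }
        {
            user = $1; pw = $2
            if (pw == "x")            state = "clobbered"
            else if (pw == "##" user) state = "marker"
            else if (pw == "")        state = "empty"
            else if (pw ~ /^[!*]/)    state = "locked"
            else                      state = "hash"
            print user ":" state
        }'
}

# Print only the accounts whose hash has to be restored.
clobbered_users() {
    classify_shadow | awk -F: '$2 == "clobbered" || $2 == "marker" { print $1 }'
}

# Constructed sample data (not real accounts or real hashes).
sample_shadow() {
cat <<'EOF'
alice:$6$CONSTRUCTEDSALT$constructedhashvalue:14663:0:99999:7:::
bob:x:14663:0:99999:7:::
carol:##carol:14663:0:99999:7:::
daemon:*:14600:0:99999:7:::
EOF
}

# Demo run on the constructed sample.
sample_shadow | clobbered_users
```

On a real system the input would come from the shadow data itself, for example `getent shadow | clobbered_users` run as root.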
tags: added: patch
tags: added: patch-needswork; removed: patch
Changed in glibc (Ubuntu Lucid):
assignee: nobody → Kees Cook (kees)
importance: Undecided → Medium
Can you prepare a diff relative to the Lucid eglibc package, which contains the current upstream patch based on your original diff? It's not immediately clear what portion of that logic needs to be adjusted.