Bug 144652 - [PATCH] pwd_mkdb(8) copies comments to /etc/passwd
Summary: [PATCH] pwd_mkdb(8) copies comments to /etc/passwd
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: Normal Affects Some People
Assignee: Xin LI
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-03-11 11:30 UTC by Andre.Albsmeier
Modified: 2023-02-04 00:30 UTC (History)
4 users (show)

See Also:


Attachments
file.diff (664 bytes, patch)
2010-03-11 11:30 UTC, Andre.Albsmeier
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Andre.Albsmeier 2010-03-11 11:30:02 UTC
pwd_mkdb copies comments from /etc/master.passwd to /etc/passwd.
Since /etc/passwd is world readable this could reveal encrypted,
although currently not active, passwords from entries that have
been commented out for some reason.

Fix: A solution would be to not copy comments to /etc/passwd:
How-To-Repeat: 
Add a user with password to /etc/master.passwd.
vipw and comment out the entry by adding a # in front of it.
As normal user: grep '#' /etc/passwd

The result looks something like this:

# $FreeBSD: src/etc/master.passwd,v 1.40 2005/06/06 20:19:56 brooks Exp $
#
#bla:$1$p6BO4g61$1nBDxyYFx4veLK9TAXYM8/:998:0:md5:0:0::/var/empty:/bin/sh
Comment 1 Eitan Adler freebsd_committer freebsd_triage 2017-12-31 08:01:24 UTC
For bugs matching the following criteria:

Status: In Progress Changed: (is less than) 2014-06-01

Reset to default assignee and clear in-progress tags.

Mail being skipped
Comment 2 Thanos 2018-06-26 06:00:14 UTC
MARKED AS SPAM
Comment 3 Ceri Davies freebsd_committer freebsd_triage 2023-01-04 18:54:45 UTC
Still relevant, patch still applicable.  Needs to be determined what the desired behaviour is.
Comment 4 Xin LI freebsd_committer freebsd_triage 2023-01-04 23:01:12 UTC
(In reply to Ceri Davies from comment #3)
The proposed change was reasonable.  I'll give this a shot soon.
Comment 5 commit-hook freebsd_committer freebsd_triage 2023-01-05 06:49:36 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c

commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
Author:     Andre Albsmeier <Andre.Albsmeier@siemens.com>
AuthorDate: 2010-03-11 10:53:47 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2023-01-05 06:18:09 +0000

    pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.

    The intention of /etc/passwd was to support legacy applications that are
    not yet converted to use modern API like getpwent(3). Comments are not
    defined in the legacy format, so copying them could break these
    applications. Plus, it could leak sensitive information (e.g. encrypted
    form of password of an user that was commented out instead of deleted
    or disabled).

    PR:             bin/144652
    MFC after:      1 month

 usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-02-04 00:27:05 UTC
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=3e955733117d1068acbcc19d7113ab5c7ccef2c9

commit 3e955733117d1068acbcc19d7113ab5c7ccef2c9
Author:     Andre Albsmeier <Andre.Albsmeier@siemens.com>
AuthorDate: 2010-03-11 10:53:47 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2023-02-04 00:25:54 +0000

    pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.

    The intention of /etc/passwd was to support legacy applications that are
    not yet converted to use modern API like getpwent(3). Comments are not
    defined in the legacy format, so copying them could break these
    applications. Plus, it could leak sensitive information (e.g. encrypted
    form of password of an user that was commented out instead of deleted
    or disabled).

    PR:             bin/144652
    (cherry picked from commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c)

 usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2023-02-04 00:29:07 UTC
A commit in branch stable/12 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=b96684daa837462342093344a144e0ee636a9e22

commit b96684daa837462342093344a144e0ee636a9e22
Author:     Andre Albsmeier <Andre.Albsmeier@siemens.com>
AuthorDate: 2010-03-11 10:53:47 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2023-02-04 00:27:55 +0000

    pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.

    The intention of /etc/passwd was to support legacy applications that are
    not yet converted to use modern API like getpwent(3). Comments are not
    defined in the legacy format, so copying them could break these
    applications. Plus, it could leak sensitive information (e.g. encrypted
    form of password of an user that was commented out instead of deleted
    or disabled).

    PR:             bin/144652
    (cherry picked from commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c)

 usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)