[PATCH & RFC] avoid libbb/correct_password.c to disclose info about system
Denis Vlasenko
vda.linux at googlemail.com
Mon Jul 2 23:11:42 PDT 2007
On Tuesday 03 July 2007 00:08, Tito wrote:
> Hi,
> I noticed that our password checking routine in correct_password.c
> behaves differently than the real login app.
> In case that support for shadow passwords is enabled and
> /etc/shadow is missing it complains with an error message:
>
> "no valid shadow password, checking ordinary one"
>
> thus disclosing information about the state of the system.
> I think it should instead fake an incorrect login.
> A patch is attached, comments and criticism are welcome.
With this patch, you *require* the admin to keep passwords in /etc/shadow.
I prefer it when the admin *has the option* to use /etc/shadow,
but [s]he can still keep them in /etc/passwd instead.
I will do this:
#if ENABLE_FEATURE_SHADOWPASSWDS
	/* A pw_passwd field of just "x" or "*" means "look in /etc/shadow";
	 * spw, buffer and result are declared earlier in the function. */
	if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
		/* getspnam_r() can return 0 and still leave result NULL
		 * (e.g. the user has no shadow entry), so check both. */
		if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result) == 0 && result)
			correct = spw.sp_pwdp;
		/* else: no valid shadow password, checking ordinary one
		 * (silently: no diagnostic reveals the state of /etc/shadow) */
	}
#endif
Is it ok with you?
--
vda
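An added example, not code from this thread or from busybox, that exercises the hash-selection logic discussed above with constructed data: select_hash, check_password, run_cases, struct shadow_lookup and toy_hash are all hypothetical names, and toy_hash stands in for crypt() so the decision paths (shadow hash used, wrong password, getspnam_r returning 0 with a NULL result, shadow error, hash kept in /etc/passwd) can be run offline with no system files.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for crypt(): 2-char salt from the stored hash,
 * then a djb2 digest. Only for exercising the decision logic offline. */
static const char *toy_hash(const char *plain, const char *salt_hash)
{
    static char out[32];
    unsigned long h = 5381;
    if (strlen(salt_hash) < 2) return NULL;     /* like crypt() on a bad salt */
    for (int i = 0; i < 2; i++) h = h * 33 + (unsigned char)salt_hash[i];
    for (; *plain; plain++) h = h * 33 + (unsigned char)*plain;
    snprintf(out, sizeof out, "%.2s%08lx", salt_hash, h & 0xffffffffUL);
    return out;
}
/* Models getspnam_r(): rc != 0 is an error (e.g. /etc/shadow unreadable);
 * rc == 0 with sp_pwdp == NULL is "no entry" (*result left NULL). */
struct shadow_lookup { int rc; const char *sp_pwdp; };
/* Hash selection as in the patch: consult shadow only for the "x"/"*"
 * placeholder, and on any shadow failure fall back silently to pw_passwd. */
static const char *select_hash(const char *pw_passwd, const struct shadow_lookup *sh)
{
    int placeholder = (pw_passwd[0] == 'x' || pw_passwd[0] == '*') && !pw_passwd[1];
    if (placeholder && sh->rc == 0 && sh->sp_pwdp != NULL)
        return sh->sp_pwdp;
    return pw_passwd;          /* no diagnostic: the caller learns only pass/fail */
}
/* 1 on match, 0 otherwise; every failure path looks the same to the user. */
int check_password(const char *pw_passwd, const struct shadow_lookup *sh, const char *candidate)
{
    const char *correct = select_hash(pw_passwd, sh);
    const char *h = toy_hash(candidate, correct);
    return h != NULL && strcmp(h, correct) == 0;
}
/* The cases the thread discusses; bit n is set when case n behaves correctly,
 * so a fully correct run returns 0x1f. */
int run_cases(void)
{
    static char stored[32];
    strcpy(stored, toy_hash("s3cret", "ab"));         /* hash as stored in /etc/shadow */
    struct shadow_lookup ok = { 0, stored }, none = { 0, NULL }, err = { 2, NULL };
    int bits = 0;
    bits |= (check_password("x", &ok, "s3cret") == 1);           /* shadow hash used */
    bits |= (check_password("x", &ok, "wrong") == 0) << 1;       /* wrong password */
    bits |= (check_password("x", &none, "s3cret") == 0) << 2;    /* no shadow entry: silent reject */
    bits |= (check_password("x", &err, "s3cret") == 0) << 3;     /* shadow error: silent reject */
    bits |= (check_password(stored, &none, "s3cret") == 1) << 4; /* hash kept in /etc/passwd */
    return bits;
}
```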
More information about the busybox mailing list