Newsgroups: comp.os.386bsd.bugs
Path: sserve!newshost.anu.edu.au!munnari.oz.au!bunyip.cc.uq.oz.au!harbinger.cc.monash.edu.au!yeshua.marcam.com!usc!math.ohio-state.edu!uwm.edu!news.doit.wisc.edu!decwrl!csus.edu!netcom.com!chrisj
From: chrisj@netcom.com (Christopher T. Jewell)
Subject: 386bsd login security bug
Message-ID: <chrisjCHypxr.94s@netcom.com>
Summary: uid 0 without password can log in on an insecure tty (fix included)
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Date: Mon, 13 Dec 1993 07:25:02 GMT
Lines: 63

The following error exists in /usr/src/usr.bin/login/login.c on 386BSD
0.1 with all the patchkits applied: if the password entry contains no
password, login.c permits the login to proceed even if the uid being
logged in is 0 and the tty is not marked secure.

The patch below attempts to minimize the number of changed lines
(without introducing a `goto'). A neater job can be done by
reindenting all the lines between the added `{' and `}', and it should
be done that way for integration into NetBSD and FreeBSD, if someone
hasn't already fixed the bug in those products. This is a quick and
dirty fix for those of us who have not yet upgraded to one of the
newer versions.
*** login.c.orig Mon Jul 6 23:41:33 1992
--- login.c Sun Dec 12 22:12:01 1993
***************
*** 219,230 ****
* is root or the caller isn't changing their uid, don't
* authenticate.
*/
- if (pwd && (*pwd->pw_passwd == '\0' ||
- fflag && (uid == 0 || uid == pwd->pw_uid)))
- break;
- fflag = 0;
if (pwd && pwd->pw_uid == 0)
rootlogin = 1;
(void)setpriority(PRIO_PROCESS, 0, -4);
--- 219,230 ----
* is root or the caller isn't changing their uid, don't
* authenticate.
*/
if (pwd && pwd->pw_uid == 0)
rootlogin = 1;
+ if(! (pwd && (*pwd->pw_passwd == '\0' ||
+ fflag && (uid == 0 || uid == pwd->pw_uid))))
+ {
+ fflag = 0;
(void)setpriority(PRIO_PROCESS, 0, -4);
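Review bot: in the new `if(! (pwd && ...` test, dropping the `break` changes the `-f` branch as well as the empty-password one: `fflag && (uid == 0 || uid == pwd->pw_uid)` now also continues past the added block instead of taking the `break`, which the Summary line does not mention. If that is intended, extend the comment above the test, which still says only "don't authenticate", to state that the root/insecure-terminal check applies to both cases. Style: the neighbouring line writes `if (pwd`, so `if(! (` should be spelled `if (!(`.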
***************
*** 253,259 ****
bzero(p, strlen(p));
(void)setpriority(PRIO_PROCESS, 0, 0);
!
/*
* If trying to log in as root without Kerberos,
* but with insecure terminal, refuse the login attempt.
--- 253,259 ----
bzero(p, strlen(p));
(void)setpriority(PRIO_PROCESS, 0, 0);
! }
/*
* If trying to log in as root without Kerberos,
* but with insecure terminal, refuse the login attempt.
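Review bot: the `}` added here closes the block opened in the first hunk just ahead of the root/insecure-terminal check, so that check and everything after it now run on the no-authentication path as well, with the password prompt skipped. The test that finally accepts the login lies beyond this context; check that it does not depend on a result assigned only inside the skipped block, otherwise a passwordless non-root account or a `-f` login could be rejected or behave unpredictably. The brace also takes the place of the blank line before the comment; a trailing comment on it, for example `} /* end of authentication */`, would make the unindented block easier to follow.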
--
Chris Jewell home: chrisj@puffin.com 1341 Ramona Ave Hollister CA USA 95023
work: chrisj@dbaccess.com voice: 408-735-7545 fax: 408-735-0328
Cross Access Corp. 2900 Gordon Ave Santa Clara, CA, USA, 95051
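
The ordering problem described in the post, as an added example that is not part of the original post or of login.c: a simplified C model of one pass through the authentication loop before and after the fix. The struct, field and function names are hypothetical, and the model assumes the code after the tty check accepts a login whose authentication was skipped.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of one login attempt; all names are hypothetical.
 * Only the ordering of the checks follows the post. */
struct attempt {
    bool empty_passwd;  /* password field of the entry is empty */
    bool is_root;       /* pw_uid == 0 */
    bool fflag_ok;      /* -f given and caller is root or keeps its uid */
    bool secure_tty;    /* tty is marked secure */
    bool passwd_ok;     /* typed password matches (only if prompted) */
};

enum result { LOGIN_OK, LOGIN_FAILED, LOGIN_REFUSED_TTY };

/* Before the fix: the no-authentication case exits early, so the
 * root/insecure-tty test is never reached. */
enum result flow_before(struct attempt a)
{
    if (a.empty_passwd || a.fflag_ok)
        return LOGIN_OK;                /* the original `break` */
    if (a.is_root && !a.secure_tty)
        return LOGIN_REFUSED_TTY;
    return a.passwd_ok ? LOGIN_OK : LOGIN_FAILED;
}

/* After the fix: only the password prompt is skipped; the tty test
 * runs for every root login. Assumption: the code after the test
 * accepts the skipped-authentication case. */
enum result flow_after(struct attempt a)
{
    bool skip_auth = a.empty_passwd || a.fflag_ok;
    bool authenticated = skip_auth ? true : a.passwd_ok;
    if (a.is_root && !a.secure_tty)
        return LOGIN_REFUSED_TTY;
    return authenticated ? LOGIN_OK : LOGIN_FAILED;
}

int main(void)
{
    /* Constructed case: uid 0, no password, insecure tty. */
    struct attempt root_nopw = { true, true, false, false, false };
    printf("before: %d  after: %d\n",
           flow_before(root_nopw), flow_after(root_nopw));
    return 0;
}
```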