Ubuntu
eglibc package

chsh overwrites encrypted password

Bug #526530 reported by Christoph on 2010-02-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	eglibc (Ubuntu)	Fix Released	Medium	Kees Cook	Ubuntu ubuntu-10.04-beta-1
	Lucid	Fix Released	Medium	Kees Cook	Ubuntu ubuntu-10.04-beta-1

Bug Description

My patch for the NIS shadow password security vulnerability introduced a new bug.
One of my NIS users informed me
that she could not login any more after she had used chsh to change her
login shell. The reason was that in the shadow file, the encrypted
password had been replaced by an 'x'. This happens because in my
patch, file nis-pwd.c, the string "##<username>" is replaced with "x".

I thought that this replacement is necessary to let libc6 search for
the encrypted password in the shadow map. But now I found out that it
is not necessary and that without it everything works fine: logging in,
changing password and changing the shell.

I have attached a new patch that simply lets the password field of the
passwd.byname map alone

ProblemType: Bug
Architecture: amd64
Date: Tue Feb 23 16:17:28 2010
Dependencies:
libgcc1 1:4.2.4-1ubuntu3
gcc-4.2-base 4.2.4-1ubuntu3
libc6 2.7-10ubuntu5
DistroRelease: Ubuntu 8.04
Package: libc6 2.7-10ubuntu5
PackageArchitecture: amd64
ProcEnviron:
SHELL=/bin/tcsh
PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
LANG=en_US.UTF-8
SourcePackage: glibc
Uname: Linux 2.6.24-24-generic x86_64

Tags:

Related branches

lp:~ubuntu-core-dev/eglibc/eglibc-2.11-pkg

lp:ubuntu/lucid/eglibc

Revision history for this message

Christoph (christoph-pleger-cs) wrote on 2010-02-23:

nis-shadow.diff Edit (9.2 KiB, text/plain)

Revision history for this message

Kees Cook (kees) wrote on 2010-03-02:

Can you prepare a diff relative to the Lucid eglibc package, which contains the current upstream patch based on your original diff? It's not immediately clear what portion of that logic needs to be adjusted.

Revision history for this message

Kees Cook (kees) wrote on 2010-03-02:

Namely debian/patches/any/submitted-nis-shadow.diff

Changed in glibc (Ubuntu Lucid):
milestone:	none → ubuntu-10.04-beta-1
tags:	added: regression-potential

Brian Murray (brian-murray) on 2010-03-02

tags:

added: patch

Brian Murray (brian-murray) on 2010-03-03

tags:

added: patch-needswork
removed: patch

Revision history for this message

Christoph (christoph-pleger-cs) wrote on 2010-03-03: Re: [Bug 526530] Re: chsh overwrites encrypted password

nis-pwd.c.diff Edit (4.8 KiB, application/octet-stream; name="nis-pwd.c.diff")

Hello,

On Tue, 02 Mar 2010 19:51:47 -0000
Kees Cook <email address hidden> wrote:

> Can you prepare a diff relative to the Lucid eglibc package, which
> contains the current upstream patch based on your original diff? It's
> not immediately clear what portion of that logic needs to be adjusted.

The attached patch should perform the correct adjustments.

Regards
Christoph

Kees Cook (kees) on 2010-03-03

Changed in glibc (Ubuntu Lucid):
assignee:	nobody → Kees Cook (kees)
importance:	Undecided → Medium

Revision history for this message

Kees Cook (kees) wrote on 2010-03-03:

eglibc (2.11.1-0ubuntu4) lucid; urgency=low

  * debian/patches/any/submitted-nis-shadow.diff: updated to fix
    incorrect password overwriting (LP: #526530).
  * debian/control.in/main: update already uploaded g++ version Depend.