Re: Login not reading /etc/login.conf.db

[christos%zoulas.com@localhost (Christos Zoulas)]

On Jun 26,  5:38am, darcy%NetBSD.org@localhost ("D'Arcy J.M. Cain") wrote:
-- Subject: Re: Login not reading /etc/login.conf.db

| On Wed, 25 Jun 2014 13:15:04 -0400
| christos%zoulas.com@localhost (Christos Zoulas) wrote:
| > On Jun 25, 12:52pm, darcy%NetBSD.org@localhost ("D'Arcy J.M. Cain") wrote:
| > -- Subject: Re: Login not reading /etc/login.conf.db
| > 
| > | Not sure if that would work for my situation.  In any case, that's
| > not | the real question.  The problem is that the login.conf.db file
| > is | ignored unless /etc/login.conf exists.  It can even be empty.
| > Why | can't it simply pick up the db file?
| > 
| > Because it checked before then, and the db pathname if formed later.
| > 
| > | Where is this actually checked by the way?  I couldn't find it.
| > 
| > http://nxr.netbsd.org/xref/src/lib/libutil/login_cap.c#80
| 
| OK, I read this and see a possible security flaw.  We check security on
| the ASCII file but if the db file exists we use it without checking.
| It seems to me that we should be checking security on the actual file
| that we will be using.  Not sure how to fix it.  I thought of a number
| of possibilities but they all wind up duplicating code.

What I've been thinking is to add a getcap1() call that takes a flags
argument and if the flags == 1, does the secure_file() check on the
databases it opens. But this is a 1/2 baked thought.

christos