port-alpha: Re: Serious bug in passwd???

Subject: Re: Serious bug in passwd???
To: David Maxwell <david@vex.net>
From: Anders Hogrelius <ahs@hogrelius.nu>
List: port-alpha
Date: 03/18/2004 18:48:08
It seems it did something else, possibly related to the crash that occured
later this morning. _All_ passwords were corrupted, so no one could log
in, with the sole exception of the user I just had added using vipw. To be
able to restore the server, and even be able to login as root, I had to
copy passwd, master.passwd and spwd.db from the latest backup. Something
isn't right with passwd or vipw, or possibly on a lower level. I'm not
familiar enough with how handling of the passwords work to have a real
opinion on the subject. No matter what caused it to fail, I would argue
that no other failure should be allowed to propagate, and cause something
like this. If something fails when setting a new password, the worst case
scenario should be that the password wasn't changed.

The thing that happened with the files, was that master.passwd ended up
with the same contents as passwd, that is there were no password hashes
in spwd.db, and only * instead of the password in both files, for all
users except the last user added. As far as I know this shouldn't be able
to happen.


Anders

--
This cool Mail was sent on Thu 03/18/04 at 9:35AM PST


I'm a soldier, not a diplomat.  I can only tell the truth.
		-- Kirk, "Errand of Mercy", stardate 3198.9

*************************************************************************
* AHS Geoteknik
* Anders Hogrelius       Phone : +46 (0)70 6770210
* Tessingatan 12         E-mail: anders@hogrelius.nu
* SE-72216 Vasteras      Web:    http://www.hogrelius.nu/~ahs/
* SWEDEN

On Thu, 18 Mar 2004, David Maxwell wrote:

> On Thu, 18 Mar 2004, Anders Hogrelius wrote:
> > I just found out something that's seriously wrong in passwd. Since I use
> > 1.6.1, I can't say if it's still left in -current or in 1.6.2. What
> > happens is this: Lets say you change your mind, and dont want to change
> > your password. Hit ctrl+C, right? - Wrong!!! It doesn't leave your
> > password untouched, but instead writes a password with unprintable
> > characters.
>
> I've tested, and it does not do that.
>
> Firstly, to change your password, you are required to enter it twice.
> If control characters were allowed, the two passwords would still be
> required to match, which is unlikely if you're pressing things to break
> out of the program.
>
> Pressing Ctrl-C to break out of password does work, but because of the
> state the terminal is in, you have to hit enter to get a visible
> response.
>
> Try this: run passwd - when asked for your old passwd, press ^C, then
> enter.
>
> You neither get prompted for a new password, nor notified that you
> didn't manage to type the old password - you just get a prompt back -
> fairly normal for killing a process with ^C.
>
> It could be argued that passwd ought to reset the tty settings and exit
> cleanly on signals.
>
> > Logout after it happens, and you can't get back in, or
> > change your password since it will ask you for the old one. The problem
>
> I suspect you changed your password during testing, and didn't realize
> which one it still was set to.
>
> --
> David Maxwell, david@vex.net|david@maxwell.net -->
> Net Musing #5: Redundancy in a network doesn't mean two of everything and
> half the staff to run it.
> 					      - Tomas T. Peiser, CET
>