[1190] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Shadow passwd race condition

daemon@ATHENA.MIT.EDU (Richard Huveneers)
Thu Oct 3 17:19:15 1996

To: linux-security@tarsier.cv.nrao.edu
Date: 2 Oct 1996 12:31:59 GMT
From: richard@hekkihek.hacom.nl (Richard Huveneers)
Reply-To: richard@hekkihek.hacom.nl


There is a race condition in the 'passwd' of the shadow password suite.

It first fills in a struct spwd, then locks the /etc/shadow file and then
writes the structure to the file.

Only the entry might be changed before locking the /etc/shadow file, for
instance, the password might be locked by the sysadmin!

>From a quick grep in the source it looks like 'passwd' is the only tool
which has this bug (the others contain a spw_locate() call).

Regards, Richard.


home help back first fref pref prev next nref lref last post