[1193] in linux-security and linux-alert archive
Re: [linux-security] Shadow passwd race condition
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Sat Oct 5 12:44:06 1996
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: richard@hekkihek.hacom.nl
Date: Fri, 4 Oct 1996 16:32:41 +0200 (MET DST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <52tnbv$1a1@zeus.hekkihek.hacom.nl> from "Richard Huveneers" at Oct 2, 96 12:31:59 pm
Hi,

> There is a race condition in the 'passwd' of the shadow password suite.

First of all: I would appreciate it if you could report things like this
to me (the current maintainer of the shadow suite) first, and specify
the version of the package you have...

> It first fills in a struct spwd, then locks the /etc/shadow file and then
> writes the structure to the file.

Not any more, and not just because of the race condition - the info
from getspnam() might come from various sources, not necessarily from
the /etc/shadow file (NYS!). Since at least shadow-960810 (possibly
some earlier version, I'm not sure) we do (in this order): spw_lock(),
spw_open(), get the entry using spw_locate(), change anything we need
to change, call spw_update(), spw_close(), spw_unlock().

> Only the entry might be changed before locking the /etc/shadow file, for
> instance, the password might be locked by the sysadmin!

This is still possible, if the password is locked by the sysadmin after
the old password has been validated - it's not that simple to deal with,
as we don't want to lock the password files for too long. Should the
old password be checked again, after the file is locked but before
anything is changed? BTW, util-linux passwd does not seem to do this
either...

Current versions of the shadow suite are available (at least) from:

ftp://ftp.cin.net/usr/ggallag/shadow/
ftp://iguana.hut.fi/pub/linux/shadow/
ftp://ftp.icm.edu.pl/pub/Linux/shadow-pwr/
ftp://serek.arch.pwr.wroc.pl/pub/shadow/
ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/

Unofficial shadow RPMs for RedHat 3.0.3 are available from:

ftp://ftp.broadwaynet.com/pub/shadow/

The latest "believed to be stable" version is shadow-960810. There
are even newer but experimental versions in the "dontuse" directory.
Please take a look at them and tell me if you think there are still
any problems. Thanks!

Marek