[16134] in Kerberos-V5-bugs
[krbdev.mit.edu #8745] libss without readline can interfere with
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Wed Oct 3 18:45:11 2018
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: "Greg Hudson via RT" <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8745@krbdev.mit.edu>
Message-ID: <rt-8745-48876.1.61833809069719@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8745'":;
Date: Wed, 3 Oct 2018 18:43:24 -0400 (EDT)
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
Without readline support, libss uses a dummy version which just calls
fgets() on stdin.
krb5_read_password() (used by ktutil and kadmin) uses
krb5_prompter_posix(), which opens its own unbuffered copy of fd 0.
Therefore, it will not see any data buffered within stdin.
Put together, kadmin or ktutil can exhibit incorrect behavior when
fed mixed libss and password input over a pipe or from a file:
$ kadmin.local << EOF
cpw user
pw
pw
EOF
Authenticating as principal user/admin@KRBTEST.COM with password.
kadmin.local: Enter password for principal "user@KRBTEST.COM":
change_password: Cannot read password while reading password for
"user@KRBTEST.COM".
kadmin.local: kadmin.local: Unknown request "pw". Type "?" for
a request list.
kadmin.local: kadmin.local: Unknown request "pw". Type "?" for
a request list.
kadmin.local:
If ss is built with readline support, this bug does not manifest
because readline() is careful not to read any characters from fd 0
beyond the newline.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs