8fc8de382a
Parsing optional environment variables after a login name is a feature which is neither documented nor available in util-linux or busybox login which are other wide spread login utilities used in Linux distributions as reference. Removing this feature resolves two issues: - A memory leak exists if variables without an equal sign are used, because set_env creates copies on its own. This could lead to OOM situations in privileged part of login or may lead to heap spraying. - Environment variables are not reset between login attempts. This could lead to additional environment variables set for a user who never intended to do so. Proof of Concept on a system with shadow login without PAM and util-linux agetty: 1. Provoke an invalid login, e.g. user `noone` and password `invalid`. This starts shadow login and subsequent inputs are passed through the function login_prompt. 2. Provoke an invalid login with environment variables, e.g. user `noone HISTFILE=/tmp/owo` and password `invalid`. 3. Log in correctly with user `root`. Now you can see with `echo $HISTFILE` that `/tmp/owo` has been set for the root user. This requires a malicious failed login attempt and a successful login within the configured login timeout (default 60 seconds). Signed-off-by: Samanta Navarro <ferivoz@riseup.net> |
||
|---|---|---|
| .builds | ||
| .github | ||
| contrib | ||
| doc | ||
| docs | ||
| etc | ||
| lib | ||
| libmisc | ||
| libsubid | ||
| man | ||
| po | ||
| share | ||
| src | ||
| tests | ||
| .editorconfig | ||
| .gitignore | ||
| .travis.yml | ||
| acinclude.m4 | ||
| AUTHORS.md | ||
| autogen.sh | ||
| ChangeLog | ||
| configure.ac | ||
| COPYING | ||
| Makefile.am | ||
| NEWS | ||
| README | ||
| README.md | ||
| SECURITY.md | ||
| shadow.spec.in | ||
| TODO | ||
shadow-utils
Introduction
The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates a passwd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts.
Sites
Contacts
There are several ways to contact us:
- the general discussion mailing list
- the #shadow IRC channel on libera.chat:
- irc://irc.libera.chat/shadow
Mailing archives
- the general discussion mailing list archive
- the commit mailing list archive, only used for historical purposes
Contributions
Contributions are welcome. Follow the guidelines before posting any patches.
Authors and maintainers
Authors and maintainers are listed in AUTHORS.md.