emo/shadow

Go to file

Samanta Navarro a116e20c76 su: Prevent stack overflow in check_perms This is no real world security fix. The overflow could occur if too many layered subsystems are encountered because the function check_perms calls itself recursively. It would already take a misconfigured system for this to achieve it. Use an iterative approach by calling the do_check_perms in a loop instead of calling itself recursively. As a side note: At least GCC 13 optimized this code and already uses a jmp in its assembler code. I could only see the stack overflow by activating address sanitizer which prevented the optimization. Co-developed-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Samanta Navarro <ferivoz@riseup.net>		2023-05-25 08:25:42 -05:00
.builds	CI: add libbsd and pkg-config dependencies	2022-11-28 09:07:41 -06:00
.github	CI: Make build logs more readable	2023-04-18 09:21:09 +02:00
contrib	Remove superfluous casts	2023-02-09 10:03:03 -06:00
doc	doc: add contributions introduction	2023-04-03 10:42:22 -05:00
docs	fix spelling and unify whitespace	2021-08-18 18:06:02 +00:00
etc	run_parts for groupadd and groupdel	2023-04-26 17:38:24 -05:00
lib	def_load: avoid NULL deref	2023-05-22 10:23:12 +02:00
libmisc	subsystem: Prevent endless loop	2023-05-25 08:25:42 -05:00
libsubid	Remove superfluous casts	2023-02-09 10:03:03 -06:00
man	Update German translations	2023-05-11 11:05:59 -05:00
po	Update French translations	2023-05-15 08:42:40 -05:00
share	CI: Make build logs more readable	2023-04-18 09:21:09 +02:00
src	su: Prevent stack overflow in check_perms	2023-05-25 08:25:42 -05:00
tests	fix typos	2023-04-26 17:35:58 -05:00
.editorconfig	Add .editorconfig	2023-03-02 16:33:06 -06:00
.gitignore	Show libsubid api version in subid.h	2021-12-05 08:02:57 -06:00
.travis.yml	CI: Make build logs more readable	2023-04-18 09:21:09 +02:00
acinclude.m4	configure: replace obsolete autoconf macros	2022-05-10 09:55:18 +02:00
AUTHORS.md	Update AUTHORS to add Marek Michałkiewicz	2023-04-24 09:01:22 +02:00
autogen.sh	undo accidental autogen.sh commit: enable-shared	2021-11-27 14:56:03 -06:00
ChangeLog	fix typos	2023-04-26 17:35:58 -05:00
configure.ac	libmisc/yesno.c: Use getline(3) and rpmatch(3)	2023-04-26 17:32:47 -05:00
COPYING	Update licensing info	2021-12-23 19:36:50 -06:00
Makefile.am	fix spelling and unify whitespace	2021-08-18 18:06:02 +00:00
NEWS	fix typos	2023-04-26 17:35:58 -05:00
README	Add README as symlink to README.md	2021-12-19 14:09:08 -06:00
README.md	README: add reference to contribution guidelines	2023-04-03 10:42:22 -05:00
SECURITY.md	SECURITY.md: add Iker Pedrosa	2023-03-20 10:54:45 -05:00
shadow.spec.in	* shadow.spec.in: Fix the source (new FTP).	2008-08-31 17:30:45 +00:00
TODO	fix spelling and unify whitespace	2021-08-18 18:06:02 +00:00

README.md

shadow-utils

Introduction

The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates a passwd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts.

Sites

Contacts

There are several ways to contact us:

the general discussion mailing list
the #shadow IRC channel on libera.chat:
- irc://irc.libera.chat/shadow

Mailing archives

the general discussion mailing list archive
the commit mailing list archive, only used for historical purposes

Contributions

Contributions are welcome. Follow the guidelines before posting any patches.

Authors and maintainers

Authors and maintainers are listed in AUTHORS.md.