emo/shadow

Go to file

Samanta Navarro 8fc8de382a login_prompt: Do not parse environment variables

Parsing optional environment variables after a login name is a feature
which is neither documented nor available in util-linux or busybox
login which are other wide spread login utilities used in Linux
distributions as reference.

Removing this feature resolves two issues:

- A memory leak exists if variables without an equal sign are used,
  because set_env creates copies on its own. This could lead to OOM
  situations in privileged part of login or may lead to heap spraying.
- Environment variables are not reset between login attempts. This
  could lead to additional environment variables set for a user who
  never intended to do so.

Proof of Concept on a system with shadow login without PAM and
util-linux agetty:

1. Provoke an invalid login, e.g. user `noone` and password `invalid`.
   This starts shadow login and subsequent inputs are passed through
   the function login_prompt.
2. Provoke an invalid login with environment variables, e.g.
   user `noone HISTFILE=/tmp/owo` and password `invalid`.
3. Log in correctly with user `root`.

Now you can see with `echo $HISTFILE` that `/tmp/owo` has been set for
the root user.

This requires a malicious failed login attempt and a successful login
within the configured login timeout (default 60 seconds).

Signed-off-by: Samanta Navarro <ferivoz@riseup.net>

2023-05-03 07:54:28 -05:00

.builds

CI: add libbsd and pkg-config dependencies

2022-11-28 09:07:41 -06:00

.github

CI: Make build logs more readable

2023-04-18 09:21:09 +02:00

contrib

Remove superfluous casts

2023-02-09 10:03:03 -06:00

doc

doc: add contributions introduction

2023-04-03 10:42:22 -05:00

docs

fix spelling and unify whitespace

2021-08-18 18:06:02 +00:00

etc

run_parts for groupadd and groupdel

2023-04-26 17:38:24 -05:00

lib

semanage: disconnect to free libsemanage internals

2023-04-26 17:52:54 -05:00

libmisc

login_prompt: Do not parse environment variables

2023-05-03 07:54:28 -05:00

libsubid

Remove superfluous casts

2023-02-09 10:03:03 -06:00

man

libmisc, man: Drop old check and advice for complex character sets in passwords

2023-04-27 09:16:08 +02:00

Fix regression in some translation strings

2023-02-24 12:56:05 -06:00

CI: Make build logs more readable

2023-04-18 09:21:09 +02:00

src

run_parts for groupadd and groupdel

2023-04-26 17:38:24 -05:00

tests

fix typos

2023-04-26 17:35:58 -05:00

.editorconfig

Add .editorconfig

2023-03-02 16:33:06 -06:00

.gitignore

Show libsubid api version in subid.h

2021-12-05 08:02:57 -06:00

.travis.yml

CI: Make build logs more readable

2023-04-18 09:21:09 +02:00

acinclude.m4

configure: replace obsolete autoconf macros

2022-05-10 09:55:18 +02:00

AUTHORS.md

Update AUTHORS to add Marek Michałkiewicz

2023-04-24 09:01:22 +02:00

autogen.sh

undo accidental autogen.sh commit: enable-shared

2021-11-27 14:56:03 -06:00

ChangeLog

fix typos

2023-04-26 17:35:58 -05:00

configure.ac

libmisc/yesno.c: Use getline(3) and rpmatch(3)

2023-04-26 17:32:47 -05:00

COPYING

Update licensing info

2021-12-23 19:36:50 -06:00

Makefile.am

fix spelling and unify whitespace

2021-08-18 18:06:02 +00:00

NEWS

fix typos

2023-04-26 17:35:58 -05:00

README

Add README as symlink to README.md

2021-12-19 14:09:08 -06:00

README.md

README: add reference to contribution guidelines

2023-04-03 10:42:22 -05:00

SECURITY.md

SECURITY.md: add Iker Pedrosa

2023-03-20 10:54:45 -05:00

shadow.spec.in

* shadow.spec.in: Fix the source (new FTP).

2008-08-31 17:30:45 +00:00

TODO

fix spelling and unify whitespace

2021-08-18 18:06:02 +00:00

README.md

shadow-utils

Introduction

The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates a passwd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel, and usermod commands are used for managing user accounts. The groupadd, groupdel, and groupmod commands are used for managing group accounts.

Sites

Contacts

There are several ways to contact us:

the general discussion mailing list
the #shadow IRC channel on libera.chat:
- irc://irc.libera.chat/shadow

Mailing archives

the general discussion mailing list archive
the commit mailing list archive, only used for historical purposes

Contributions

Contributions are welcome. Follow the guidelines before posting any patches.

Authors and maintainers

Authors and maintainers are listed in AUTHORS.md.

Languages

Shell 57.1%

C 40.6%

M4 0.9%

Yacc 0.8%

Makefile 0.4%

Other 0.1%