bostic@OKEEFFE.BERKELEY.EDU (Keith Bostic) (10/02/87)
Subject: login problem Index: etc/getty/main.c 4.3BSD Description: It is suggested that the following fixes be applied to etc/getty/main.c, bin/login.c and man/man8/adduser.8. They take care of a security problem in 4.3BSD. Repeat-By: Use your imagination. Fix: Apply the following patches. *** main.c.old Thu Oct 1 13:43:02 1987 --- main.c.new Thu Oct 1 13:43:46 1987 *************** *** 11,17 **** #endif not lint #ifndef lint ! static char sccsid[] = "@(#)main.c 5.5 (Berkeley) 1/23/86"; #endif not lint /* --- 11,17 ---- #endif not lint #ifndef lint ! static char sccsid[] = "@(#)main.c 5.7 (Berkeley) 10/1/87"; #endif not lint /* *************** *** 166,171 **** --- 166,172 ---- tname = argv[1]; for (;;) { int ldisp = OTTYDISC; + int off = 0; gettable(tname, tabent, tabstrs); if (OPset || EPset || APset) *************** *** 172,177 **** --- 173,180 ---- APset++, OPset++, EPset++; setdefaults(); ioctl(0, TIOCFLUSH, 0); /* clear out the crap */ + ioctl(0, FIONBIO, &off); /* turn off non-blocking mode */ + ioctl(0, FIOASYNC, &off); /* ditto for asynchronous mode */ if (IS) tmode.sg_ispeed = speed(IS); else if (SP) *************** *** 217,222 **** --- 220,229 ---- oflush(); alarm(0); signal(SIGALRM, SIG_DFL); + if (name[0] == '-') { + puts("login names may not start with '-'."); + continue; + } if (!(upper || lower || digit)) continue; allflags = setflags(2); *************** *** 236,241 **** --- 243,249 ---- env[i] = environ[i]; makeenv(&env[i]); execle(LO, "login", "-p", name, (char *) 0, env); + syslog(LOG_ERR, "%s: %m", LO); exit(1); } alarm(0); *** login.c.old Thu Oct 1 14:01:30 1987 --- login.c.new Thu Oct 1 14:02:42 1987 *************** *** 122,127 **** --- 122,129 ---- printf("Only one of -r and -h allowed\n"); exit(1); } + if (argv[2] == 0) + exit(1); rflag = 1; usererr = doremotelogin(argv[2]); SCPYN(utmp.ut_host, argv[2]); *************** *** 195,202 **** */ if (rflag && !invalid) SCPYN(utmp.ut_name, lusername); ! else getloginname(&utmp); invalid = FALSE; if (!strcmp(pwd->pw_shell, "/bin/csh")) { ldisc = NTTYDISC; --- 197,210 ---- */ if (rflag && !invalid) SCPYN(utmp.ut_name, lusername); ! else { getloginname(&utmp); + if (utmp.ut_name[0] == '-') { + puts("login names may not start with '-'."); + invalid = TRUE; + continue; + } + } invalid = FALSE; if (!strcmp(pwd->pw_shell, "/bin/csh")) { ldisc = NTTYDISC; *** adduser.8.old Thu Oct 1 13:42:34 1987 --- adduser.8.new Thu Oct 1 13:51:08 1987 *************** *** 2,18 **** .\" All rights reserved. The Berkeley software License Agreement .\" specifies the terms and conditions for redistribution. .\" ! .\" @(#)adduser.8 6.2 (Berkeley) 5/23/86 .\" ! .TH ADDUSER 8 "May 23, 1986" .UC 4 .SH NAME adduser \- procedure for adding new users .SH DESCRIPTION A new user must choose a login name, which must not already appear in ! .I /etc/passwd. ! An account can be added by editing a line into the passwd file; this must ! be done with the password file locked e.g. by using .IR vipw (8). .PP A new user is given a group and user id. --- 2,19 ---- .\" All rights reserved. The Berkeley software License Agreement .\" specifies the terms and conditions for redistribution. .\" ! .\" @(#)adduser.8 6.4 (Berkeley) 10/1/87 .\" ! .TH ADDUSER 8 "October 1, 1987" .UC 4 .SH NAME adduser \- procedure for adding new users .SH DESCRIPTION A new user must choose a login name, which must not already appear in ! \fI/etc/passwd\fP or \fI/usr/lib/aliases\fP. It must also not begin with ! the hyphen (``-'') character. An account can be added by editing a line ! into the passwd file; this must be done with the password file locked ! e.g. by using .IR vipw (8). .PP A new user is given a group and user id. *************** *** 90,96 **** .br /usr/skel skeletal login directory .SH SEE ALSO ! passwd(1), finger(1), chsh(1), chfn(1), passwd(5), vipw(8) .SH BUGS User information should be stored in its own data base separate from the password file. --- 91,97 ---- .br /usr/skel skeletal login directory .SH SEE ALSO ! passwd(1), finger(1), chsh(1), chfn(1), aliases(5), passwd(5), vipw(8) .SH BUGS User information should be stored in its own data base separate from the password file.