This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/11134] getpwnam shows shadow passwords of NIS users
- From: "Christoph dot Pleger at cs dot tu-dortmund dot de" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 17 Feb 2010 13:15:27 -0000
- Subject: [Bug libc/11134] getpwnam shows shadow passwords of NIS users
- References: <20100105092632.11134.Christoph.Pleger@cs.tu-dortmund.de>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From Christoph dot Pleger at cs dot tu-dortmund dot de 2010-02-17 13:15 -------
Hello,
I am sorry that my patch for the NIS shadow password security
vulnerability introduced a new bug. One of my NIS users informed me
that she could not login any more after she had used chsh to change her
login shell. The reason was that in the shadow file, the encrypted
password had been replaced by an 'x'. This happens because in my
patch, file nis-pwd.c, the string "##<username>" is replaced with "x".
I thought that this replacement is necessary to let libc6 search for
the encrypted password in the shadow map. But now I found out that it
is not necessary and that without it everything works fine: logging in,
changing password and changing the shell.
I have attached a new patch that simply lets the password field of the
passwd.byname map alone.
Regards
Christoph
--
http://sourceware.org/bugzilla/show_bug.cgi?id=11134
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.