From anto@acct.inet.co.th Wed Feb 10 20:56:48 1999
Received: from acct.inet.co.th (acct.inet.co.th [203.150.17.130])
        by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA19500
        for ; Wed, 10 Feb 1999 20:56:46 -0800 (PST)
        (envelope-from anto@acct.inet.co.th)
Received: (from anto@localhost)
        by acct.inet.co.th (8.8.8/8.8.8) id LAA03211;
        Thu, 11 Feb 1999 11:56:03 +0700 (ICT)
        (envelope-from anto)
Message-Id: <199902110456.LAA03211@acct.inet.co.th>
Date: Thu, 11 Feb 1999 11:56:03 +0700 (ICT)
From: Anto Prijosoesilo
Reply-To: Anto Prijosoesilo
To: FreeBSD-gnats-submit@freebsd.org
Subject: Bug in keyinfo and keyinit
X-Send-Pr-Version: 3.2

>Number: 10019
>Category: bin
>Synopsis: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 10 21:00:01 PST 1999
>Closed-Date: Tue Jun 22 03:38:38 PDT 1999
>Last-Modified: Tue Jun 22 10:20:02 PDT 1999
>Originator: Anto Prijosoesilo
>Release: FreeBSD 2.2.7-STABLE i386
>Organization: Internet Thailand
>Environment:
FreeBSD acct.inet.co.th 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Fri Nov 20 08:40:26 ICT 1998 anto@inet.co.th:/usr/src/sys/compile/ACCT i386
>Description:
If a uid is shared by multiple login names keyinfo and keyinit will
default to the first name it finds that share the uid.
>How-To-Repeat:
Create a user (ex: user1).
Create another login name for that user (ex: user2).
Login as user1 and run keyinit. It should say 'Adding user1:'.
Login as user2 and run keyinit. It should say 'Adding user2:'.
The last 2 steps above will actually say 'Adding user1' and 'Updating user1'.
While logged in as user1 run 'keyinfo' and 'keyinfo user1'.
While logged in as user2 run 'keyinfo' and 'keyinfo user2'.
One of the last 2 steps above will give different results.
>Fix:
diff -cr src.orig/usr.bin/keyinfo/keyinfo.pl src/usr.bin/keyinfo/keyinfo.pl *** src.orig/usr.bin/keyinfo/keyinfo.pl Thu Feb 11 11:37:23 1999 --- src/usr.bin/keyinfo/keyinfo.pl Thu Feb 11 09:06:06 1999 *************** *** 14,19 **** --- 14,23 ---- $user = $ARGV[0]; } else { $user = (getpwuid($<))[0]; + $luser = getlogin; + if ($< == getpwnam($luser)) { + $user = $luser; + } } while () { diff -cr src.orig/usr.bin/keyinit/skeyinit.c src/usr.bin/keyinit/skeyinit.c *** src.orig/usr.bin/keyinit/skeyinit.c Thu Feb 11 11:37:23 1999 --- src/usr.bin/keyinit/skeyinit.c Thu Feb 11 09:10:35 1999 *************** *** 42,49 **** gethostname(defaultseed,NAMELEN); strcpy(&defaultseed[NAMELEN],tbuf); ! pp = ppuser = getpwuid(getuid()); ! strcpy(me,pp->pw_name); defaultsetup = 1; if( argc > 1){ if(strcmp("-s", argv[1]) == 0) --- 42,54 ---- gethostname(defaultseed,NAMELEN); strcpy(&defaultseed[NAMELEN],tbuf); ! pp = getpwuid(getuid()); ! strcpy(me,getlogin()); ! ppuser = getpwnam(me); ! if (pp->pw_uid != ppuser->pw_uid) { ! ppuser = pp; ! strcpy(me,pp->pw_name); ! } defaultsetup = 1; if( argc > 1){ if(strcmp("-s", argv[1]) == 0)
>Release-Note:
>Audit-Trail:

From: Dag-Erling Smorgrav
To: Anto Prijosoesilo
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Bug in keyinfo and keyinit
Date: 11 Feb 1999 15:41:55 +0100

Anto Prijosoesilo writes:
> If a uid is shared by multiple login names keyinfo and keyinit will
> default to the first name it finds that share the uid.

You're not supposed to have multiple login names per UID. What do you
expect to achieve by doing that, anyway?

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From: Anto Prijosoesilo
To: des@flood.ping.uio.no
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: [Re: bin/10019: Bug in keyinfo and keyinit]
Date: 12 Feb 99 10:04:47 ICT

des@flood.ping.uio.no wrote:
> Anto Prijosoesilo writes:
> > If a uid is shared by multiple login names keyinfo and keyinit will
> > default to the first name it finds that share the uid.
>
> You're not supposed to have multiple login names per UID. What do you
> expect to achieve by doing that, anyway?

FreeBSD is set up with one. uid("root") == uid("toor").

In my case, I need to allow several people to access a role account and I
don't want them to share the same password.

In any case, I figured that since s/key is name based, not uid based, the
checks done by keyinfo/keyinit are supposed to follow that.

Cheers,
Anto.

____________________________________________________________________
More than just email--Get your FREE Netscape WebMail account today at
http://home.netscape.com/netcenter/mail

From: "Gary Palmer"
To: Anto Prijosoesilo
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: [Re: bin/10019: Bug in keyinfo and keyinit]
Date: Fri, 12 Feb 1999 03:30:08 -0500

Anto Prijosoesilo wrote in message ID
<199902120340.TAA27060@freefall.freebsd.org>:
> In my case, I need to allow several people to access a role account and I
> don't want them to share the same password.

Give them individual accounts, and use a modified sudo (as found in ports) to
let them use their own passwords to get to the role account. We use it here to
allow operations staff limited access to some systems for monitoring and
debugging purposes, while letting system staff have full access.

Some people hate sudo, so in all fairness I'll also mention runas, and the fact
that it probably wouldn't be too difficult to hack up your own program to do
this if you wanted.

Gary
--
Gary Palmer FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations.
See http://www.FreeBSD.ORG/ for info

From: Dag-Erling Smorgrav
To: Anto Prijosoesilo
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: [Re: bin/10019: Bug in keyinfo and keyinit]
Date: 12 Feb 1999 12:54:27 +0100

Anto Prijosoesilo writes:
> des@flood.ping.uio.no wrote:
> > You're not supposed to have multiple login names per UID. What do you
> > expect to achieve by doing that, anyway?
> FreeBSD is set up with one. uid("root") == uid("toor").

"toor" is never used. It's meant to be "root with a different shell",
but why people can't just type "exec /bin/sh" on the command line is
beyond me.

> In any case, I figured that since s/key is name based, not uid based, the
> checks done by keyinfo/keyinit are supposed to follow that.

Well, that's the least of your problems. Nearly every binary that does
anything with file permissions etc. will in the best case get confused
and in the worst case fail.

DES
--
Dag-Erling Smorgrav - des@flood.ping.uio.no

From: Anto Prijosoesilo
To: gjp@gjp.erols.com, Dag-Erling Smorgrav
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Bug in keyinfo and keyinit
Date: 13 Feb 99 16:02:21 ICT

gjp@gjp.erols.com wrote:
> Give them individual accounts, and use a modified sudo (as found in ports) to
> let them use their own passwords to get to the role account.

Thanks for the suggestion. I'll probably go this route in the future.

I think the point I was trying to make was valid though. If the system asks me
for user1's S/Key password when I login as user1 and user2's when I do user2
then I would expect the other related utilities to behave similarly. If they
don't whether the "different" behavior is documented, I would assume that
there's a bug.. right? Especially when there's an easy fix to make them
consistent.

As long as there is this inconsistency I would view it as a bug. Changing the
S/Key database to use uid instead of login names would make it consistent as
far as S/Key is concerned.
That would, however, break compatibility with regular UNIX authentication
where each login name has its own password that isn't shared with others even
those sharing the same UID. It would also break compatibility with OPIE.

If you think this PR should be closed, please do. I'll keep my local changes
because I like my system to be consistent.

State-Changed-From-To: open->closed
State-Changed-By: sheldonh
State-Changed-When: Tue Jun 22 03:38:38 PDT 1999
State-Changed-Why:
"Especially when there's an easy fix to make them consistent" -- it may
be easy, but see the perlfunc(1) manpage's description of getlogin():

        Do not consider getlogin() for authentication: it
        is not as secure as getpwuid().

If you want to work on getting the S/Key db to use UID's, give it a bash. :-)

From: Garrett Wollman
To:
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins
Date: Tue, 22 Jun 1999 13:14:57 -0400 (EDT)

< said:

> "Especially when there's an easy fix to make them consistent" -- it may
> be easy, but see the perlfunc(1) manpage's description of getlogin():

> Do not consider getlogin() for authentication: it
> is not as secure as getpwuid().

Perl's manual page is erroneous -- or rather, it reflects a
historical situation which no longer prevails (at least not on *BSD).
getlogin(2) is at least as secure as getpwuid(3) -- more so if YP is
being used.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick

From: Sheldon Hearn
To: Garrett Wollman
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins
Date: Tue, 22 Jun 1999 19:16:34 +0200

On Tue, 22 Jun 1999 13:14:57 -0400, Garrett Wollman wrote:

> Perl's manual page is erroneous -- or rather, it reflects a
> historical situation which no longer prevails (at least not on *BSD).
> getlogin(2) is at least as secure as getpwuid(3) -- more so if YP is
> being used.

So do you think it's worth the effort required to support multiple
usernames on the same UID?

Ciao,
Sheldon.
>Unformatted:
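
Review bot: In the keyinfo.pl hunk of the >Fix: patch, the value returned by getlogin is used without checking that it is non-empty, and the result of getpwnam($luser) is compared without checking that the lookup succeeded. When the session has no recorded login name, getpwnam returns the undefined value in scalar context, which compares numerically equal to 0, so for uid 0 the test `$< == getpwnam($luser)` passes and $user is overwritten with an empty name. Suggest assigning $user = $luser only when $luser is defined and non-empty and getpwnam($luser) is defined, and keeping the getpwuid($<) result otherwise.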
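
Review bot: In the skeyinit.c hunk of the >Fix: patch, `strcpy(me,getlogin());` and `ppuser = getpwnam(me);` are used without NULL checks: getlogin() returns NULL when no login name is recorded for the session, and getpwnam() returns NULL when the name is not in the password database, so either case dereferences a null pointer. Separately, getpwuid() and getpwnam() may return pointers to the same static storage, in which case pp and ppuser alias after the second call, `pp->pw_uid != ppuser->pw_uid` can never be true, and the fallback to the getpwuid() name never runs. Suggest saving getuid() in a local variable, comparing ppuser->pw_uid against that value, and calling getpwuid() again only inside the fallback branch.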