Package: vlock
Version: 1.3-9
Severity: normal
Tags: patch

I think there's a possible security problem in case
pam_set_item(PAM_USER,...) or pam_set_item(PAM_USER_PROMPT,...) return
with an error:

In vlock's main() there's:

  /* get_password() sets the terminal characteristics and does not */
  /* return until the correct password has been read.              */

void
get_password(void)
{
   ...
    if (correct_password()) {
      restore_signals();
      restore_terminal();
      return;
    }
    ...
}


and:

static int
correct_password(void)
{
#ifdef USE_PAM
  /* Now use PAM to do authentication.
   */
  #define PAM_BAIL_PRE if (pam_error != PAM_SUCCESS) { \
     /* fix signals that may have been disordered by pam */ \
     set_signal_mask(0); \
     printf("SOMETHING IS VERY SERIOUSLY WRONG! '%s' BAILING!\n", \
         pam_strerror(pamh, pam_error)); fflush(stdout); \
     pam_end(pamh, PAM_SUCCESS); \
     return -1; \
     }
  ...
  pam_error = pam_set_item(pamh, PAM_USER_PROMPT, strdup(prompt));
  PAM_BAIL_PRE;
  ... (several more calls like this)

So whenever the if clause in PAM_BAIL_PRE is true (pam_set_item call
didn't return success) correct_password() will return -1, which
get_password() thinks is fine and returns (password verified
successfully). This isn't much of an issue at the moment since current
libpam always returns PAM_SUCCESS for pam_set_item(PAM_USER{,PROMPT},
...) but since that implementation might change under our feet without
noticing it's worth fixing after all:

--- vlock-1.3/input.c.orig      2006-04-21 14:47:27.000000000 +0200
+++ vlock-1.3/input.c   2006-04-21 14:47:31.000000000 +0200
@@ -189,7 +189,7 @@
     }
 
     /* correct_password() sets the terminal status as necessary */
-    if (correct_password()) {
+    if (correct_password() > 0) {
       restore_signals();
       restore_terminal();
       return;
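Review bot: the `> 0` test on the changed line makes this caller depend on a three-way return convention for correct_password() that the comment directly above it does not state; that comment only says the function "sets the terminal status as necessary". Extend the comment to say that only a positive return means the password was verified and that zero and negative values must leave the terminal locked, so a later edit does not revert to a plain truthiness test.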

Cheers,
 -- Guido


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages vlock depends on:
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  libpam0g                      0.79-3.1   Pluggable Authentication Modules l

vlock recommends no packages.

-- no debconf information
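
The fail-open check described in the report above, as an added example that is not part of the original report or of vlock's source. `correct_password_sim`, the `SIM_PAM_*` values and the two `unlocks_*` helpers are hypothetical stand-ins; the sweep counts how many input combinations unlock without a verified password under each caller check.

```c
#include <stdio.h>

/* Constructed stand-ins for libpam return codes; not <security/pam_appl.h>. */
enum { SIM_PAM_SUCCESS = 0, SIM_PAM_FAILURE = 1 };

/* Hypothetical model of correct_password() as the report describes it:
 * -1 when a PAM setup call fails (the PAM_BAIL_PRE path),
 *  0 for a wrong password, 1 for a correct one. */
static int correct_password_sim(int set_item_rc, int password_ok)
{
    if (set_item_rc != SIM_PAM_SUCCESS)
        return -1;
    return password_ok ? 1 : 0;
}

/* Caller check before the patch: any non-zero value unlocks, including -1. */
static int unlocks_truthy(int rc) { return rc ? 1 : 0; }

/* Caller check after the patch: only a positive value unlocks. */
static int unlocks_positive(int rc) { return rc > 0; }

/* Sweep every input combination and count the cases where the terminal
 * would unlock although PAM setup failed or the password was wrong. */
static int count_fail_open(int (*unlocks)(int))
{
    int bad = 0;
    for (int set_item_rc = SIM_PAM_SUCCESS; set_item_rc <= SIM_PAM_FAILURE; set_item_rc++) {
        for (int password_ok = 0; password_ok <= 1; password_ok++) {
            int rc = correct_password_sim(set_item_rc, password_ok);
            int legit = (set_item_rc == SIM_PAM_SUCCESS && password_ok);
            if (unlocks(rc) && !legit)
                bad++;
        }
    }
    return bad;
}

int main(void)
{
    printf("truthy check:   %d fail-open case(s)\n", count_fail_open(unlocks_truthy));
    printf("positive check: %d fail-open case(s)\n", count_fail_open(unlocks_positive));
    return 0;
}
```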

