On 5 Jan 2023, at 06:48, Xin LI <[email protected]> wrote:
> 
> The branch main has been updated by delphij:
> 
> URL: https://cgit.FreeBSD.org/src/commit/?id=0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
> 
> commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c
> Author:     Andre Albsmeier <[email protected]>
> AuthorDate: 2010-03-11 10:53:47 +0000
> Commit:     Xin LI <[email protected]>
> CommitDate: 2023-01-05 06:18:09 +0000
> 
>    pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.
> 
>    The intention of /etc/passwd was to support legacy applications that are
>    not yet converted to use modern API like getpwent(3). Comments are not
>    defined in the legacy format, so copying them could break these
>    applications. Plus, it could leak sensitive information (e.g. encrypted
>    form of password of a user that was commented out instead of deleted
>    or disabled).

This broke usr.sbin/etcupdate/tests/preworld_test.sh.

Jess

>    PR:             bin/144652
>    MFC after:      1 month
> ---
> usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++-----
> 1 file changed, 8 insertions(+), 5 deletions(-)
> 
> diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
> index 6297bcb461db..261e7951a126 100644
> --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
> +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
> @@ -462,11 +462,14 @@ main(int argc, char *argv[])
>                                       error("put");
>                       }
>               }
> -             /* Create original format password file entry */
> -             if (is_comment && makeold){     /* copy comments */
> -                     if (fprintf(oldfp, "%s\n", line) < 0)
> -                             error("write old");
> -             } else if (makeold) {
> +             /*
> +              * Create original style password file entry.
> +              *
> +              * Don't copy comments since this could reveal encrypted
> +              * passwords if entries have been simply commented out
> +              * in master.passwd.
> +              */
> +             if (makeold && !is_comment) {
>                       char uidstr[20];
>                       char gidstr[20];
> 
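Review bot: the new condition `if (makeold && !is_comment)` silently drops every comment line from the generated legacy-format file, so any consumer that compares /etc/passwd against a fixed expected output (such as a test fixture generated under the old behaviour) will now see a difference; the commit message should state explicitly that comment lines are no longer propagated, and the pwd_mkdb(8) manual page plus any test that expects comments in the legacy file should be updated in the same change. For non-comment entries the rewrite is behaviour-preserving: the removed `} else if (makeold) {` branch is exactly the path the new `makeold && !is_comment` test reaches, so the `uidstr`/`gidstr` formatting below is unaffected, and `is_comment` remains in use, so no dead variable is left behind.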
