Public bug reported:
My patch for the NIS shadow password security vulnerability introduced a new
bug.
One of my NIS users informed me
that she could not login any more after she had used chsh to change her
login shell. The reason was that in the shadow file, the encrypted
password had been replaced by an 'x'. This happens because in my
patch, file nis-pwd.c, the string "##<username>" is replaced with "x".
I thought that this replacement is necessary to let libc6 search for
the encrypted password in the shadow map. But now I found out that it
is not necessary and that without it everything works fine: logging in,
changing password and changing the shell.
I have attached a new patch that simply lets the password field of the
passwd.byname map alone
ProblemType: Bug
Architecture: amd64
Date: Tue Feb 23 16:17:28 2010
Dependencies:
libgcc1 1:4.2.4-1ubuntu3
gcc-4.2-base 4.2.4-1ubuntu3
libc6 2.7-10ubuntu5
DistroRelease: Ubuntu 8.04
Package: libc6 2.7-10ubuntu5
PackageArchitecture: amd64
ProcEnviron:
SHELL=/bin/tcsh
PATH=/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games
LANG=en_US.UTF-8
SourcePackage: glibc
Uname: Linux 2.6.24-24-generic x86_64
** Affects: glibc (Ubuntu)
Importance: Undecided
Status: New
** Tags: apport-bug
--
chsh overwrites encrypted password
https://bugs.launchpad.net/bugs/526530
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
