[Pkg-shadow-devel] Bug#305600: Wait a second. This bug is not fixed
Martin Quinson
Martin Quinson <martin.quinson@loria.fr>, 305600@bugs.debian.org
Sun, 8 May 2005 13:32:07 +0200
reopen 305600
thanks
Hello,
I'm not completely sure about this one and thus wouldn't like to see it
archived too fast. First, let me summarize how a normal user could use this
security hole (if any).
- Write a script which looks like login, ask for the password once, say the
pass is wrong (save it) and then exec the real login program.
- Login, run the script, and leave the program as a trap for the next user
to sit at this machine.
- Next user will type in login/pass, be surprised (and certainly think that
he did a typo), retry to log in, successfully this time.
There are several ways for the trapped user to see that he was just trapped.
For example, login won't tell him that he just failed a login attempt. Or,
login's display is not the same just after a failed attempt as at the
beginning.
But the point is that the user got trapped.
So, I reopen this bug just to leave the discussion open and see what
happens. In my opinion, this is an unfixable bug. Whatever we do in login to
prevent it could be done by an attacker, too. But I may well be wrong.
So, if you know a way to fix it, I'd be pleased to see it. Patch welcome :)
Thanks, Mt.