[Pkg-shadow-devel] passwd behavior

[Alexander Gattin]

Hi!

On Mon, Apr 03, 2006 at 11:39:33AM +0200, Tomasz Kłoczko wrote:
> incorrect. I was looking on some other passwd implementations and seems
> only shadow passwd blocades SIGINT (Ctrl-C). I don't see any real
> reasons for doing this (security or other).

AFAIR this is done to make life of password bruteforcer
harder. I.e. when he enters wrong _initial_ password,
PAM or no-pam-shadow will delay (for e.g. 3s IIRC). By
using ^C he/she will be ably to bypass this delay.

But when user enters _new_ passwword and _retypes_ it,
he/she shouldn't have SIGINT blocked.

> If passwd can be interrupted by Ctrl-C behavior described in above BR
> will not occure.

Agreed.

> And/or if blocade now SIGING is neccessary probably also must be added
> handling SIGABRT (Ctrl-\).

1st phase definitely needs virtually all signals to be
blocked including SIGKILL (just kidding, but well, this
can be enforced by security framework like selinux,
grsec or whatever, don't know is it possible ATM) -- so
that authentication goes undisturbed.

2nd phase (supplying _new_ password after being
successfully authenticated) does not need this, except
to ensure consistency of /etc/{passwd,shadow,group,gshadow}.

Latest issue (consistency) still needs to be
investigated.

-- 
WBR,
xrgtn