[Bug 1681] New: conversation function for passwd auth method assumes instead of fail
bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 4 02:23:28 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1681
Summary: conversation function for passwd auth method assumes instead of fail
Product: Portable OpenSSH
Version: 5.3p1
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: PAM support
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: zdenek.kotala at sun.com
PAM documentation says
(http://docs.sun.com/app/docs/doc/816-4863/emrbk?l=en&a=view):
----
Developers should make no assumptions about how PAM is to communicate
with users. Rather, the application should exchange messages with the
user until the operation is complete. Applications should display the
message strings for the conversation function without interpretation or
modification. An individual message can contain multiple lines, control
characters, or extra blank spaces. Note that service modules are
responsible for localizing any strings sent to the conversation
function.
----
But sshpam_passwd_conv() "Assumes that echo-off prompts are for the
password" and passes the password as a reply. This could lead to the
password being exposed to the wrong consumer.
The correct solution is to set AUTHTOK before pam_authenticate is called in
the sshpam_auth_passwd() function.
Something like this:
pam_set_item(sshpam_handle, PAM_AUTHTOK, password);
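The following is an added illustration of the two conversation-function designs the report contrasts; it is not code from the report or from OpenSSH. The PAM types and constants are local stand-ins (defined here so the example compiles without libpam; the numeric values follow Linux-PAM), the function names assuming_conv, strict_conv, password_leaked and info_accepted are assumptions, and the prompt and password strings are constructed sample data. assuming_conv answers every echo-off prompt with the cached password, which is the behaviour the report objects to; strict_conv is the conversation you can afford once the password has already been handed to PAM through pam_set_item(PAM_AUTHTOK): it accepts informational messages and fails on any prompt rather than guessing what the module wants.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>

/* Local stand-ins for the PAM types and constants from <security/pam_appl.h>,
 * defined here so the example compiles without libpam (values as in Linux-PAM). */
#define PAM_SUCCESS          0
#define PAM_CONV_ERR         19
#define PAM_PROMPT_ECHO_OFF  1
#define PAM_PROMPT_ECHO_ON   2
#define PAM_ERROR_MSG        3
#define PAM_TEXT_INFO        4

struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };

typedef int (*conv_fn)(int, const struct pam_message **,
                       struct pam_response **, void *);

/* The pattern the report objects to: every echo-off prompt is answered with
 * the cached password, whatever the module actually asked for. */
static int assuming_conv(int n, const struct pam_message **msg,
                         struct pam_response **resp, void *appdata)
{
    const char *password = appdata;
    struct pam_response *reply = calloc((size_t)n, sizeof(*reply));
    if (reply == NULL)
        return PAM_CONV_ERR;
    for (int i = 0; i < n; i++) {
        switch (msg[i]->msg_style) {
        case PAM_PROMPT_ECHO_OFF:
            reply[i].resp = strdup(password);  /* password goes to any prompt */
            break;
        case PAM_ERROR_MSG:
        case PAM_TEXT_INFO:
            break;                              /* nothing to answer */
        default:
            goto fail;
        }
    }
    *resp = reply;
    return PAM_SUCCESS;
fail:
    for (int i = 0; i < n; i++)
        free(reply[i].resp);
    free(reply);
    return PAM_CONV_ERR;
}

/* Non-interactive conversation for the pre-set-AUTHTOK design: the password
 * was given to PAM via pam_set_item(PAM_AUTHTOK) before pam_authenticate, so
 * no prompt should need it. Informational messages are accepted; any prompt,
 * echo-off or not, fails the conversation instead of being guessed at. */
static int strict_conv(int n, const struct pam_message **msg,
                       struct pam_response **resp, void *appdata)
{
    (void)appdata;
    for (int i = 0; i < n; i++)
        if (msg[i]->msg_style != PAM_ERROR_MSG &&
            msg[i]->msg_style != PAM_TEXT_INFO)
            return PAM_CONV_ERR;
    struct pam_response *reply = calloc((size_t)n, sizeof(*reply));
    if (reply == NULL)
        return PAM_CONV_ERR;
    *resp = reply;
    return PAM_SUCCESS;
}

/* Simulates a module that asks an unrelated echo-off question (constructed
 * sample prompt). Returns 1 if the conversation handed the password back. */
int password_leaked(conv_fn conv, const char *password)
{
    struct pam_message m = { PAM_PROMPT_ECHO_OFF, "Enter one-time token: " };
    const struct pam_message *msgs[1] = { &m };
    struct pam_response *resp = NULL;
    int leaked = 0;
    int rc = conv(1, msgs, &resp, (void *)password);
    if (rc == PAM_SUCCESS && resp != NULL) {
        if (resp[0].resp != NULL && strcmp(resp[0].resp, password) == 0)
            leaked = 1;
        free(resp[0].resp);
        free(resp);
    }
    return leaked;
}

/* Returns 1 if the conversation accepts a purely informational message
 * (constructed sample text), i.e. the strict design still lets modules talk. */
int info_accepted(conv_fn conv)
{
    struct pam_message m = { PAM_TEXT_INFO, "Password expires in 3 days" };
    const struct pam_message *msgs[1] = { &m };
    struct pam_response *resp = NULL;
    int rc = conv(1, msgs, &resp, NULL);
    if (rc == PAM_SUCCESS && resp != NULL) {
        free(resp[0].resp);
        free(resp);
    }
    return rc == PAM_SUCCESS;
}
```

Running password_leaked with assuming_conv shows the cached password being returned for a prompt that never asked for it, while strict_conv returns PAM_CONV_ERR and no response; info_accepted shows that the strict design still passes PAM_TEXT_INFO and PAM_ERROR_MSG messages through as the PAM documentation quoted above requires.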