[Bug 1681] New: conversation function for passwd auth method assumes instead of fail

bugzilla-daemon at bugzilla.mindrot.org
Fri Dec 4 02:23:28 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1681

           Summary: conversation function for passwd auth method assumes
                    instead of fail
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: PAM support
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: zdenek.kotala at sun.com


PAM documentation says
(http://docs.sun.com/app/docs/doc/816-4863/emrbk?l=en&a=view):

----
Developers should make no assumptions about how PAM is to communicate
with users. Rather, the application should exchange messages with the
user until the operation is complete. Applications should display the
message strings for the conversation function without interpretation or
modification. An individual message can contain multiple lines, control
characters, or extra blank spaces. Note that service modules are
responsible for localizing any strings sent to the conversation
function.
----

But sshpam_passwd_conv() "Assumes that echo-off prompts are for the
password" and passes the password as the reply. This could lead to the
password being exposed to the wrong consumer.

The correct solution is to set AUTHTOK before pam_authenticate is called in the
sshpam_auth_passwd() function.

Something like this:

pam_set_item(sshpam_handle, PAM_AUTHTOK, password);
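As an added illustration (not OpenSSH's own code) of the two behaviours the report contrasts: assuming_conv() answers every echo-off prompt with the password, as described for sshpam_passwd_conv(); failing_conv() is the shape a conversation function can take once the password is supplied through PAM_AUTHTOK, accepting only informational and error messages and failing on any prompt. The PAM structures and constants are redeclared locally so the example builds without libpam; the prompt text and password are constructed sample values.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdlib.h>
#include <string.h>
/* Mirrors security/pam_appl.h so this builds without libpam; real code includes it. */
#define PAM_SUCCESS         0
#define PAM_CONV_ERR        19
#define PAM_PROMPT_ECHO_OFF 1
#define PAM_ERROR_MSG       3
#define PAM_TEXT_INFO       4
struct pam_message  { int msg_style; const char *msg; };
struct pam_response { char *resp; int resp_retcode; };
typedef int (*conv_fn)(int, const struct pam_message **,
                       struct pam_response **, void *);
/* Behaviour the bug describes: every echo-off prompt is assumed to be the
 * password prompt and answered with the password passed as appdata. */
static int assuming_conv(int n, const struct pam_message **msg,
                         struct pam_response **resp, void *appdata)
{
    struct pam_response *reply = calloc(n, sizeof(*reply));
    if (!reply) return PAM_CONV_ERR;
    for (int i = 0; i < n; i++)
        if (msg[i]->msg_style == PAM_PROMPT_ECHO_OFF)
            reply[i].resp = strdup((const char *)appdata); /* handed to any module */
    *resp = reply;
    return PAM_SUCCESS;
}
/* Suggested fix: the password goes in via PAM_AUTHTOK before pam_authenticate(),
 * so info/error messages get empty replies and any prompt fails, never guesses. */
static int failing_conv(int n, const struct pam_message **msg,
                        struct pam_response **resp, void *appdata)
{
    for (int i = 0; i < n; i++)
        if (msg[i]->msg_style != PAM_TEXT_INFO && msg[i]->msg_style != PAM_ERROR_MSG)
            return PAM_CONV_ERR;
    return (*resp = calloc(n, sizeof(**resp))) ? PAM_SUCCESS : PAM_CONV_ERR;
}
/* Sends one message of the given style through conv; 1 if the reply carries
 * the password, 0 if it was withheld or the conversation failed. */
int password_exposed(conv_fn conv, int style, const char *password)
{
    struct pam_message m = { style, "Enter PIN for your token: " };
    const struct pam_message *msgs[1] = { &m };
    struct pam_response *resp = NULL;
    if (conv(1, msgs, &resp, (void *)password) != PAM_SUCCESS || !resp)
        return 0;
    int exposed = resp[0].resp && strcmp(resp[0].resp, password) == 0;
    free(resp[0].resp);
    free(resp);
    return exposed;
}
```

With a module that issues an unrelated echo-off prompt (the constructed PIN prompt above), the assuming conversation hands over the password while the failing one returns PAM_CONV_ERR and the password never leaves the application.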
