authorAndre Albsmeier <Andre.Albsmeier@siemens.com>2010-03-11 10:53:47 +0000
committerXin LI <delphij@FreeBSD.org>2023-02-04 00:25:54 +0000
commit3e955733117d1068acbcc19d7113ab5c7ccef2c9 (patch)
tree8ee447e237dc1bd23c4153f15b5b0579a00422f1
parent66b882078973d6e2fce77f976e6c073d0786b3ca (diff)
pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.
The intention of /etc/passwd was to support legacy applications that are not yet converted to use modern APIs like getpwent(3). Comments are not defined in the legacy format, so copying them could break these applications. Plus, it could leak sensitive information (e.g. the encrypted form of the password of a user that was commented out instead of deleted or disabled). PR: bin/144652 (cherry picked from commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c)
-rw-r--r--usr.sbin/pwd_mkdb/pwd_mkdb.c13
1 files changed, 8 insertions, 5 deletions
diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c
index 6297bcb461db..261e7951a126 100644
--- a/usr.sbin/pwd_mkdb/pwd_mkdb.c
+++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c
@@ -462,11 +462,14 @@ main(int argc, char *argv[])
error("put");
}
}
- /* Create original format password file entry */
- if (is_comment && makeold){ /* copy comments */
- if (fprintf(oldfp, "%s\n", line) < 0)
- error("write old");
- } else if (makeold) {
+ /*
+ * Create original style password file entry.
+ *
+ * Don't copy comments since this could reveal encrypted
+ * passwords if entries have been simply commented out
+ * in master.passwd.
+ */
+ if (makeold && !is_comment) {
char uidstr[20];
char gidstr[20];
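Review bot: The new comment above `if (makeold && !is_comment)` records only the password-hash disclosure reason, while the commit message gives a second one: the legacy passwd format defines no comments, so copied comments could break old parsers. Adding a line such as `* The legacy format also defines no comments, so copying them could break old parsers.` would keep a later change from bringing the copy back for comments that hold no hash. Separately, this condition only stops new copies; an /etc/passwd written by an earlier run presumably still holds any commented-out entries until it is regenerated, which is worth stating in the manual page or release notes. The body of the `if` continues outside the hunk.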