From nobody Mon Jan 30 04:43:14 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P4wY25c06z3cKwS; Mon, 30 Jan 2023 04:43:18 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P4wY252Zkz3Bt1; Mon, 30 Jan 2023 04:43:18 +0000 (UTC) (envelope-from delphij@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675053798; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cCsQvG0h6P1YtnIhhTaSg8dhK9hXsgsdt4CZF1X2H7k=; b=p9FG893Bb8HwRJHt07qyjHr1i47QMLMfxcEZCKMryjTy8be7pwlo4ciH/nlyKCtuFShCKI 0D9zGWa8P9Xar/ejb/AIxCiRflYzfA6GgRxmk6pZj3d/UoRghTQ+o7p4EdYDCZ739/jJRM Cf7O0qVYGLGe1McgGqNnACq9LtGM34kzJhmpqVq86+z3IDl+WwC39xvwzr+jkoy4BxdYE4 t+mlcns904J/EMq64Fjauwy9HDOyx3lhWo48yD6pHM2ZnD0fhjOk5OtQszqke7ARkT+uL1 pGgloYFSHqRYpH22XoA+4L+xilBcItvjyGjCrC9IA+oF64eD8JMXj3RK52RjXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675053798; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=cCsQvG0h6P1YtnIhhTaSg8dhK9hXsgsdt4CZF1X2H7k=; b=JHU/kLQ8ppQHwyrAbj8wEMji4VFMBaBL/gka1nwh1F38j2GGi8fy3uUaPa7s29XFiliJKj fk4b2ZZfqxBFoxAAyNCA7FUe/WC2Zhx39epqr1+e9/nWllYpF1xzpQjWuJmzrHS3VC2ZdE fUJgre+aXfrnM1Aw3pKr81/AQbMGqRRQBmqZSar2lp+b3dZBloCFioxgA2BFxEWpO+tqGC 0l/sm1ETBXIiDZ9rZECqxQPwrEqpiWNSVNRzsud1SJQY5Czy2a/lzXIzavS07lNqI9bj5b wK97OecHGpncNuj7DqLAvxfHYj9Szj+YIAhrTI2mg8t45J0Drg1f2M11DVJdrQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675053798; a=rsa-sha256; cv=none; b=saj3m8bV0oYejc6JoUvA+VrmCRw6HorlY1CUbMD9YUDl24xTapO+5zbq70ueipT74/dQzZ Whwc0QEqcCqm1c+Ei4qZEfCw34+CnizKtemAZ3+yes+tuIwF6i9y0f9lmtJmt7mad9mI5B LlzOMjve1hyXciCefgbx2t2MTj2alAGyCHODpEj9HUQyYf3ikR71B8gVrv1z8RXmoXOuo/ EQXhs7oEFotZKQvMfzH3PC3qSjqrzHA/usqPkIh/nD3v8wsSW98PF9lnnqOh7Xgw1NTyZU ArnVwXGTTYnR8UccHX3dv1qxGXmIBHJYvbNxowI4dD9RtegHQziCSQ4UyhdiMQ== Received: from odin.corp.delphij.net (unknown [IPv6:2001:470:48ca:5:8a1:60b1:cb1e:3903]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: delphij/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4P4wY1595vz1Fd5; Mon, 30 Jan 2023 04:43:17 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Message-ID: <36e6638c-3b06-e235-3f30-08042bdbd082@FreeBSD.org> Date: Sun, 29 Jan 2023 20:43:14 -0800 List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 User-Agent: Thunderbird Subject: Re: git: 0deb25bd9d6d - main - pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. To: Jessica Clarke Cc: "src-committers@freebsd.org" , "dev-commits-src-all@freebsd.org" , "dev-commits-src-main@freebsd.org" References: <202301050648.3056mfrp075362@gitrepo.freebsd.org> Content-Language: en-US From: Xin Li Organization: The FreeBSD Project In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-ThisMailContainsUnwantedMimeParts: N On 2023-01-29 7:33 PM, Jessica Clarke wrote: > On 5 Jan 2023, at 06:48, Xin LI wrote: >> >> The branch main has been updated by delphij: >> >> URL: https://cgit.FreeBSD.org/src/commit/?id=0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c >> >> commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c >> Author: Andre Albsmeier >> AuthorDate: 2010-03-11 10:53:47 +0000 >> Commit: Xin LI >> CommitDate: 2023-01-05 06:18:09 +0000 >> >> pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. >> >> The intention of /etc/passwd was to support legacy applications that are >> not yet converted to use modern API like getpwent(3). Comments are not >> defined in the legacy format, so copying them could break these >> applications. Plus, it could leak sensitive information (e.g. encrypted >> form of password of an user that was commented out instead of deleted >> or disabled). > > This broke usr.sbin/etcupdate/tests/preworld_test.sh. Ah, my bad. Fixed in 4bbf45cf5610 . > Jess > >> PR: bin/144652 >> MFC after: 1 month >> --- >> usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++----- >> 1 file changed, 8 insertions(+), 5 deletions(-) >> >> diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c >> index 6297bcb461db..261e7951a126 100644 >> --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c >> +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c >> @@ -462,11 +462,14 @@ main(int argc, char *argv[]) >> error("put"); >> } >> } >> - /* Create original format password file entry */ >> - if (is_comment && makeold){ /* copy comments */ >> - if (fprintf(oldfp, "%s\n", line) < 0) >> - error("write old"); >> - } else if (makeold) { >> + /* >> + * Create original style password file entry. >> + * >> + * Don't copy comments since this could reveal encrypted >> + * passwords if entries have been simply commented out >> + * in master.passwd. >> + */ >> + if (makeold && !is_comment) { >> char uidstr[20]; >> char gidstr[20]; >>