From nobody Sat Feb 04 00:26:48 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P7tcn1RLbz3kvlM; Sat, 4 Feb 2023 00:26:49 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P7tcn0z35z3s1S; Sat, 4 Feb 2023 00:26:49 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675470409; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZiGUkp9bf7T5CRKbGaBXd+ApHfvO9koI3UBK1mO+llg=; b=hLi1YTYOzVy1hA5qAjmH0rpocZF/MldYZ1e+6GxPEzOiYoTVEXiTLDvHEbQQ1gHB3//z0w lxf7YhaPPYxk+yhbmPmWjJGvnWBMSwmUlSdHRsnjTF93vRy6PRL9pta/1r148tIKqOSDWt ncfmUmlRiKWPR1ir9beTXg9QD1h0/ZGNlkBDERci4PCC3RR6L3Mu1JgZIVPIrgUsloMajs Oqh/aDbLwkmOZYqltM7oqz+/fe2dRwGJfn7qDd0lNXd2tfuTlAw3RoPW8DGvZN+KO8P2nG 9Sw6n65GRlgH7zLihahWifNk66B3q2c74JmVvWkmjqC6laRn0fKRSg1QifWgOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1675470409; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=ZiGUkp9bf7T5CRKbGaBXd+ApHfvO9koI3UBK1mO+llg=; b=WbBd7G7V65cONBNtc//rm4cDakiH4xEe5YPi7zf75D21mcvw+84Nx2MDwljIuc7QJGnl3P sd982OAA0Xz6EtNNA+vxg+MH99LtJQvEevZZPH5HIBVTV75taflytdhSHeNp8K7rCi7wyD RS+QRKCs1XVtngyBCB32vHKNiPclR1B6mjzNHz7nI16sHM3brA/mxFgGtf0DT6WMVz72B0 BEKLQcWlkIHVlTzBA2Jo2hLe/NfLZrvxW5VQGMXHJnvftLGQSOCz0K78cFCPZN6mm4nOwD oaKrJeXOI/eiZRNJk+2Ycevpw4fPpjQdLMAGtOlEnVuLYkRMxAs5UJDozIXh5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1675470409; a=rsa-sha256; cv=none; b=RO3YWlH5nmcJfPpE1rZ8DBZ7roecCEiVt0pyXlEMdB/Ls9+Vf955+DSrHe6c8M4RY9pcFC K4E9BUvlb4r2xVwwVVcQmUDXJbjU6iuTkl9Dw2h5nV01jE96j4ER+EFb7WOcGvHl/CWN4W il5N5Zcz8Hpu2kIUI6rLVpY/nY+uk9k2iEcXR501a1e9LOEPNYjhLf9M2hyzqKDoF3U6Gh tyyt+Nab/V+DF2kPc7LUDmOgQuaf+a4OH+l5NOB+NSEzR/Itd+8nC35sfvU4Gu2QIZhFwa IymLgurighkPp6r5WOKrHtSjH4koOQSCvC9AGEiWYiZdfeylQAZL0RSCcDeZfQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P7tcm72mkzvTX; Sat, 4 Feb 2023 00:26:48 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 3140Qm4u053829; Sat, 4 Feb 2023 00:26:48 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 3140QmpB053828; Sat, 4 Feb 2023 00:26:48 GMT (envelope-from git) Date: Sat, 4 Feb 2023 00:26:48 GMT Message-Id: <202302040026.3140QmpB053828@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Xin LI Subject: git: 3e955733117d - stable/13 - pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: delphij X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 3e955733117d1068acbcc19d7113ab5c7ccef2c9 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/13 has been updated by delphij: URL: https://cgit.FreeBSD.org/src/commit/?id=3e955733117d1068acbcc19d7113ab5c7ccef2c9 commit 3e955733117d1068acbcc19d7113ab5c7ccef2c9 Author: Andre Albsmeier AuthorDate: 2010-03-11 10:53:47 +0000 Commit: Xin LI CommitDate: 2023-02-04 00:25:54 +0000 pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd. The intention of /etc/passwd was to support legacy applications that are not yet converted to use modern API like getpwent(3). Comments are not defined in the legacy format, so copying them could break these applications. Plus, it could leak sensitive information (e.g. encrypted form of password of an user that was commented out instead of deleted or disabled). PR: bin/144652 (cherry picked from commit 0deb25bd9d6d2cdd4aa22f0e2754161e35f3785c) --- usr.sbin/pwd_mkdb/pwd_mkdb.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/usr.sbin/pwd_mkdb/pwd_mkdb.c b/usr.sbin/pwd_mkdb/pwd_mkdb.c index 6297bcb461db..261e7951a126 100644 --- a/usr.sbin/pwd_mkdb/pwd_mkdb.c +++ b/usr.sbin/pwd_mkdb/pwd_mkdb.c @@ -462,11 +462,14 @@ main(int argc, char *argv[]) error("put"); } } - /* Create original format password file entry */ - if (is_comment && makeold){ /* copy comments */ - if (fprintf(oldfp, "%s\n", line) < 0) - error("write old"); - } else if (makeold) { + /* + * Create original style password file entry. + * + * Don't copy comments since this could reveal encrypted + * passwords if entries have been simply commented out + * in master.passwd. + */ + if (makeold && !is_comment) { char uidstr[20]; char gidstr[20];