Bug#5318: passwd <user> <pass> vulnerability
Package: passwd
Version: 1.0-5
When invoking passwd in the three argument style; ie-- as root, passwd <user> <passwd>, any user can issue 'ps auxw | grep passwd' and see the password in cleartext.
The real bug is not so much that the above 'hole' exists-- even with munging of the ps information, there will [won't there?] always be a small window of time in which the clear-text passwd can be had from the ps table.
The real bug is that the man page mentions nothing of this vulnerability-- it does mention that the three argument form is really useful within superuser invoked shell scripts and the like, but doesn't mention that it should *never* be invoked on a machine that may have untrusted logins.
b.bum
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: