Freeze exception for shadow
Dear RMs,
I would like to make an update for shadow to fix a bug in the SHA password
encryption method.
I don't think this patch would be required for security reasons (I consider
the current SHA method, with the bug, still more secure as the MD5 password
encryption method), but I would prefer to get it right in stable.
The patch, already applied upstream, is attached.
Together with that update, I would like to backport some patches for the
manpages:
- Document the -r, --system option in the useradd, groupadd, and newusers
manpages.
- Document the -c, --crypt-method and -s, --sha-rounds options in the
newusers manpage.
- Document the -k, --skel option in the useradd manpage.
And document some of the Debian patches (basically indicating that some of
them are now applied upstream).
Would an upload be OK for
* the fix for the SHA password encrypt method
* documentation of options
* documentation of patches
Best Regards,
--
Nekral
Index: libmisc/salt.c
===================================================================
--- libmisc/salt.c (révision 1988)
+++ libmisc/salt.c (copie de travail)
@@ -90,9 +90,10 @@
*/
static unsigned int SHA_salt_size (void)
{
- double rand_rounds = 9 * random ();
- rand_rounds /= RAND_MAX;
- return 8 + rand_rounds;
+ double rand_size;
+ seedRNG ();
+ rand_size = (double) 9.0 * random () / RAND_MAX;
+ return 8 + rand_size;
}
/* ! Arguments evaluated twice ! */
@@ -131,8 +132,8 @@
if (min_rounds > max_rounds)
max_rounds = min_rounds;
- srand (time (NULL));
- rand_rounds = (max_rounds-min_rounds+1) * random ();
+ seedRNG ();
+ rand_rounds = (double) (max_rounds-min_rounds+1.0) * random ();
rand_rounds /= RAND_MAX;
rounds = min_rounds + rand_rounds;
} else if (0 == *prefered_rounds)
Index: ChangeLog
===================================================================
--- ChangeLog (révision 1994)
+++ ChangeLog (copie de travail)
@@ -1,5 +1,15 @@
2008-05-20 Nicolas François <nicolas.francois@centraliens.net>
+ * NEWS, libmisc/salt.c (SHA_salt_size): Seed the RNG, and fix a
+ overflow. These caused the SHA salt size to always be 8 bytes,
+ instead of being in the 8-16 range. Thanks to Peter Vrabec
+ pvrabec@redhat.com for noticing.
+ * NEWS, libmisc/salt.c (SHA_salt_rounds): Seed the RNG with
+ seedRNG instead of srand, and fix the same overflow. This caused
+ the number of rounds to always be the smallest one.
+
+2008-05-20 Nicolas François <nicolas.francois@centraliens.net>
+
* man/newusers.8.xml man/groupmems.8.xml man/groupdel.8.xml
man/useradd.8.xml man/groupadd.8.xml man/newgrp.1.xml man/sg.1.xml
man/chgpasswd.8.xml man/groupmod.8.xml: Tag the section which
Index: NEWS
===================================================================
--- NEWS (révision 1994)
+++ NEWS (copie de travail)
@@ -2,6 +2,15 @@
shadow-4.1.1 -> shadow-4.1.2 UNRELEASED
+*** security:
+- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers,
+ chgpasswd; and also passwd if configured without PAM support).
+ The number of rounds and number of salt bytes was fixed to their lower
+ allowed values (resp. configurable and 8), hence voiding some of the
+ advantages of this encryption method. Dictionary attacks with
+ precomputed tables were easier than expected, but still harder than with
+ the MD5 (or DES) methods.
+
*** general:
- packaging
* Distribute the chfn, chsh, and userdel PAM configuration file.
Reply to: