[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password problems

On Sat, Feb 16, 2008 at 09:38:03PM -0500, Frank McCormick wrote:
> On Sat, 16 Feb 2008 20:54:33 -0500
> "Douglas A. Tutty" <dtutty@porchlight.ca> wrote:
> > On Sat, Feb 16, 2008 at 08:15:07PM -0500, Frank McCormick wrote:
> > > On Sat, 16 Feb 2008 17:32:56 -0600
> > > "Russell L. Harris" <rlharris@oplink.net> wrote:
> > > > * Frank McCormick <fmccormick@videotron.ca> [080216 17:21]:
> > > > > 
> > > > > I changed my password using passwd...and now some apps want the
> > > > > old password...others want the new one!
> > > > > 
> > > > > For example when I do sudo aptitude update in a terminal sudo
> > > > > will only accept the new password...however if I run
> > > > > Synaptic...it will accept only the old password. What's going
> > > > > on here and how can it be fixed ?
> > > > 
> > > > Perhaps synaptic is asking for the password of the normal user --
> > > > not the password of root -- in order to access the keyring?
> > > 
> > >   There is no root account on this box. It has always asked me for
> > > my password as I am the first user. As I said this business didn't
> > > start until a changed my password.
> > 
> > Unix dosen't work without a root account.
> 
>    Sorry, what I meant was I have not enabled root on this machine.
> > 
> > However, this sounds like a bug in Synaptic.  It should _not_ be
> > storing the previous password but only using a mechanism that will
> > hash what you type and compare it with the password database.
> 
>   But it's not just Synaptic as it turns out...any program that uses the
> gtk? version of sudo (gtksudo?) wants the old password.

I purposly didn't trim anything here because I feel that this is very
important: (IMVHO)

If gtk apps are able to do things as root if you type in the old root
password but non-gtk apps will not work with the old root passwd but
will with the new root passwd, and if you can su (not sudo) to root
using the new root password but not the old root password, then gtk has
been storing the root password in some form.  I call that a breach plain
and simple.  It may be a design flaw that needs to be tracked down or it
could be that your particular box has been compromised.  Either way, I
would call the box compromised.  

I would find a temporary test box (any old box will do).  Install a gtk
system and test this out.  Use a gtk app that asks for the root
password, then change the root passwd with passwd (and not a gtk app)
and then see what the gtk app will accept.  If it will only accept the
old passwd then its a GTK design flaw.  If it will only accept the new
root passwd then your box has been compromised.

Either way, I'd pull your data off the box onto fresh backup media
labled "compromised backup" then reinstall.  I'd also be very leary of
using a gtk app that wants root.  

Actually, I never use the root passwd from X even if X isn't being run
as the root user.  Root is for CLI only IMHO.

Good luck.

Doug.
Reply to: