oss-sec mailing list archives
Linux-PAM pam_unix/unix_chkpwd is fail-open
From: Solar Designer <solar () openwall com>
Date: Wed, 5 Mar 2014 00:54:53 +0400
Hi, Just off Twitter, but relevant to this list: <kragen> http://www.tedunangst.com/flak/post/thoughts-on-style-the-TLS-and-errors thoughts on #gotofail and how it's too easy for TLS software to "fail open". <@solardiz> @kragen @tedunangst Re: BSD auth not relying on exit code, it's relevant that Linux-PAM's pam_unix/unix_chkpwd does: https://git.fedorahosted.org/cgit/linux-pam.git/tree/modules/pam_unix/support.c?id=b0ec5d1e472a0cd74972bfe9575dcf6a3d0cad1c#n634 <@solardiz> @kragen @tedunangst We avoided this in our pam_tcb/tcb_chkpwd since its initial version in 2002: http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/tcb/tcb/pam_tcb/support.c?annotate=1.13 lines 441-451 TCB_MAGIC is 0x0a00ff7fUL This might not be viewed as a vulnerability in pam_unix/unix_chkpwd, but an authentication service being fail-open is against best practices. The issue is mitigated by the fact that unix_chkpwd is only used to check the user's own password, when unlocking an X desktop or GNU screen (when it's patched to use PAM). Another "mitigation" is that X desktop locking is generally fail-open anyway. ;-( Someone might want to patch this issue in Linux-PAM. Alexander
Current thread:
- Linux-PAM pam_unix/unix_chkpwd is fail-open Solar Designer (Mar 04)
- Re: Linux-PAM pam_unix/unix_chkpwd is fail-open Daniel Cegiełka (Mar 05)
- Re: Linux-PAM pam_unix/unix_chkpwd is fail-open cve-assign (Mar 07)
- Re: Linux-PAM pam_unix/unix_chkpwd is fail-open Solar Designer (Mar 07)