Vulnerability Development mailing list archives

Re: vlock bug ? (fwd)


From: saw () MSU RU (Savochkin Andrey Vladimirovich)
Date: Sat, 20 Nov 1999 12:20:29 +0300


Hi,

On Thu, Nov 18, 1999 at 01:48:39PM +0100, m4rcyS wrote:
> Plz take a look at this:
>
> [> >[marcys@pentium marcys]$ vlock
> This TTY is now locked.
> Use Alt-function keys to switch to other virtual consoles.
> Please enter the password to unlock.
> marcys's Password:           [invalid passwd typed here]
> root's Password:             [valid MARCYS's passwd typed]
> [> >[marcys@pentium marcys]$
>
> Shouldn't vlock accept root's passwd except marcys's passwd?

If your vlock isn't setuid-root and uses PAM (which in turn uses a special
setuid-root binary helper to check passwords) then vlock works as expected.
The TTY may be unlocked only by the user's password, independently of what
vlock prints.

The reason for this behaviour is that the helper password check program only
allows unprivileged users to verify their own passwords.  Allowing them to
verify root's password opens a possibility for a brute-force attack.
In this scheme vlock is just an ordinary application invoked by the user and
doesn't have any special privileges.

So the proper fix for the problem is a fix of vlock's prompts to
reflect what it's really doing.
You may also wish to make vlock setuid-root but I don't recommend doing so.

Best regards
                                        Andrey V.
                                        Savochkin
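
Added example, not part of the original post and not code from vlock or PAM: a small C model of the helper policy described in the message, and of a prompt list that only names accounts the helper would actually check. The function names, the `account` struct and uid 500 for marcys are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical account record; real code would fill it from getpwnam(). */
struct account { const char *name; uid_t uid; };

/* Model of the helper's rule from the message: an unprivileged caller
 * may only have its own password verified; root may verify anyone's. */
int helper_may_verify(uid_t caller_uid, uid_t target_uid)
{
    if (caller_uid == 0)
        return 1;
    return caller_uid == target_uid;
}

/* Build the prompts a locker can honestly display. Candidates the
 * helper would refuse are skipped, so a non-setuid locker never shows
 * "root's Password:" when root's password cannot be checked.
 * Writes the kept names to out[] and returns how many there are. */
size_t honest_prompts(uid_t caller_uid, const struct account *cands,
                      size_t n, const char **out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (helper_may_verify(caller_uid, cands[i].uid))
            out[kept++] = cands[i].name;
    return kept;
}

/* Constructed sample data: the two accounts vlock prompted for above. */
static const struct account sample[] = { { "marcys", 500 }, { "root", 0 } };
static const char *shown[2];

int main(void)
{
    /* Locker running as marcys without setuid-root: one prompt only. */
    size_t n = honest_prompts(500, sample, 2, shown);
    for (size_t i = 0; i < n; i++)
        printf("%s's Password:\n", shown[i]);
    return 0;
}
```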

