Thomas Orgis
2007-02-06 19:42:49 UTC
----- Bad bug, fix in test -----
The last shadow update brought a nasty side effect in case you say "n"
to the "fix/convert accounts" question:
PRE_REMOVE executed pwunconv/grpunconv unconditionally on dispel - and
a dispel happens on every upgrade before the new version is installed.
Thus, an upgrade to recent shadow could leave you with the password
hashes back in /etc/passwd!
Please refer to bug 8834
(http://bugs.sourcemage.org/show_bug.cgi?id=8834) for details and
history on that one.
There is a fix in git and about to be in the next test tarball.
Every admin should have a look at his /etc/passwd and /etc/group and
check if he may need a run of pwconv and grpconv!
The updated version of the spell has some logic to detect un-shadowed
passwd files and in that case defaults to running pwconv/grpconv unless
you say no.
The malicious unconv calls in PRE_REMOVE are removed now and the update
to the fixed shadow will _not_ unconv your files.
Even an explicit dispel shadow will not convert the files back now -
if you really want to do that, execute *unconv before dispelling if you
wish.
Thomas.
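One way to do the check the post asks every admin to make, as an added example that is not part of the original message and is not the spell's own detection logic. The function names and the sample files are constructed for illustration; it assumes the usual convention that field 2 of a passwd or group entry is "x" once the entry is shadowed.

```shell
#!/bin/sh
# Added example (not from the original post): find entries that pwunconv/grpunconv
# left un-shadowed. In passwd/group format, field 2 is "x" once shadowed.

# unshadowed FILE: print the name of every entry whose field 2 still holds a hash.
unshadowed() {
    awk -F: '
        NF < 3 || /^#/ { next }   # blank line, comment or malformed record
        $2 == "x"      { next }   # already shadowed
        $2 ~ /^[*!]*$/ { next }   # empty or locked marker: no hash to expose
        { print $1 }
    ' "$1"
}

# needs_conv PASSWD GROUP: succeed (exit 0) if either file has un-shadowed entries.
needs_conv() {
    [ -n "$(unshadowed "$1")" ] || [ -n "$(unshadowed "$2")" ]
}

# make_sample DIR: write constructed passwd/group files (placeholder hashes).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:$1$CONSTRUCTED$placeholderhash0000000:1000:1000::/home/alice:/bin/bash
daemon:*:2:2:daemon:/sbin:/bin/false
bob:!:1001:1001::/home/bob:/bin/bash
EOF
    cat > "$1/group" <<'EOF'
root:x:0:
wheel:CONSTRUCTEDhash:10:alice
users::100:
EOF
}

# Demo on the constructed files; point the two paths at /etc to audit a real box.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for f in passwd group; do
    unshadowed "$demo_dir/$f" | sed "s|^|un-shadowed in $f: |"
done
needs_conv "$demo_dir/passwd" "$demo_dir/group" && echo "run pwconv and grpconv"
rm -rf "$demo_dir"
```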