From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4786 invoked by alias); 17 Feb 2010 13:15:40 -0000 Received: (qmail 4748 invoked by uid 48); 17 Feb 2010 13:15:27 -0000 Date: Wed, 17 Feb 2010 13:15:00 -0000 Message-ID: <20100217131527.4747.qmail@sourceware.org> From: "Christoph dot Pleger at cs dot tu-dortmund dot de" To: glibc-bugs@sources.redhat.com In-Reply-To: <20100105092632.11134.Christoph.Pleger@cs.tu-dortmund.de> References: <20100105092632.11134.Christoph.Pleger@cs.tu-dortmund.de> Reply-To: sourceware-bugzilla@sourceware.org Subject: [Bug libc/11134] getpwnam shows shadow passwords of NIS users X-Bugzilla-Reason: CC Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org X-SW-Source: 2010-02/txt/msg00074.txt.bz2 ------- Additional Comments From Christoph dot Pleger at cs dot tu-dortmund dot de 2010-02-17 13:15 ------- Hello, I am sorry that my patch for the NIS shadow password security vulnerability introduced a new bug. One of my NIS users informed me that she could not login any more after she had used chsh to change her login shell. The reason was that in the shadow file, the encrypted password had been replaced by an 'x'. This happens because in my patch, file nis-pwd.c, the string "##" is replaced with "x". I thought that this replacement is necessary to let libc6 search for the encrypted password in the shadow map. But now I found out that it is not necessary and that without it everything works fine: logging in, changing password and changing the shell. I have attached a new patch that simply lets the password field of the passwd.byname map alone. Regards Christoph -- http://sourceware.org/bugzilla/show_bug.cgi?id=11134 ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.