Skip Menu |
 

Download (untitled) / with headers
text/plain 2.1KiB
From pgresse@mail.club-internet.fr Wed Dec 9 16:02:18 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA26870 for <bugs@RT-11.MIT.EDU>; Wed, 9 Dec 1998 16:02:17 -0500
Received: from ppp-105-16.villette.club-internet.fr by MIT.EDU with SMTP
id AA00769; Wed, 9 Dec 98 16:02:15 EST
Received: (from pgresse@localhost)
by mail.club-internet.fr (8.9.0/8.9.0) id RAA31698
for krb5-bugs@mit.edu; Sun, 6 Dec 1998 17:47:29 +0100
Message-Id: <XFMail.981206174729.Philippe.Gresse@ifhamy.insa-lyon.fr>
Date: Sun, 06 Dec 1998 17:47:29 +0100 (CET)
From: Philippe Gresse <Philippe.Gresse@ifhamy.insa-lyon.fr>
Reply-To: Philippe.Gresse@ifhamy.insa-lyon.fr
To: krb5-bugs@MIT.EDU
Subject: How to get an admin passwd! :-/

Show quoted text
>Number: 675
>Category: krb5-admin
>Synopsis: How to get an admin passwd! :-/
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: closed
>Class: duplicate
>Submitter-Id: unknown
>Arrival-Date: Wed Dec 09 16:03:02 EST 1998
>Last-Modified: Thu Jul 5 21:35:50 EDT 2001
>Originator: Philippe Gresse <Philippe.Gresse@ifhamy.insa-lyon.fr>
>Organization:
>Release:
>Environment:
>Description:
Just done a mistype using kadmin... I then type ^C in order to have a new
command line. And you know what? kadmin reply with the message:
Unknown request "MYPASSWORD". Type "?" for a request list.
^^^^^^^^^^
(MYPASSWORD isn't my real password, of course! ;-)

Well, it's not a big bug, as it's necessary to have typed it correctly in order
to have the prompt... But it's still a bug! :)

PG

PS: My version? just installed KRB5B7.

--
Philippe Gresse
+33-6-12-60-28-07
Show quoted text
>How-To-Repeat:
>Fix:
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Thu Jul 5 21:34:31 2001
Responsible-Changed-Why:
reformat, categorize

State-Changed-From-To: open-closed
State-Changed-By: raeburn
State-Changed-When: Thu Jul 5 21:35:41 2001
State-Changed-Why:
Duplicate of 674.

Show quoted text
>Unformatted:
Download (untitled) / with headers
text/plain 2.5KiB
From pgresse@mail.club-internet.fr Wed Dec 9 16:02:08 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id QAA26864 for <bugs@RT-11.MIT.EDU>; Wed, 9 Dec 1998 16:02:07 -0500
Received: from ppp-105-16.villette.club-internet.fr by MIT.EDU with SMTP
id AA15073; Wed, 9 Dec 98 16:02:02 EST
Received: (from pgresse@localhost)
by mail.club-internet.fr (8.9.0/8.9.0) id WAA00365
for krb5-bugs@mit.edu; Wed, 9 Dec 1998 22:03:42 +0100
Message-Id: <XFMail.981209220342.Philippe.Gresse@ifhamy.insa-lyon.fr>
Date: Wed, 09 Dec 1998 22:03:42 +0100 (CET)
From: Philippe Gresse <Philippe.Gresse@ifhamy.insa-lyon.fr>
Reply-To: Philippe.Gresse@ifhamy.insa-lyon.fr
To: krb5-bugs@MIT.EDU
Subject: How to get an admin passwd! :-/

Show quoted text
>Number: 674
>Category: krb5-admin
>Synopsis: How to get an admin passwd! :-/
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Dec 09 16:03:01 EST 1998
>Last-Modified: Thu Jul 5 21:36:21 EDT 2001
>Originator: Philippe Gresse <Philippe.Gresse@ifhamy.insa-lyon.fr>
>Organization:
>Release:
>Environment:
>Description:
Just done a mistype using kadmin... I then type ^C in order to have a new
command line. And you know what? kadmin reply with the message:
Unknown request "MYPASSWORD". Type "?" for a request list.
^^^^^^^^^^
(MYPASSWORD isn't my real password, of course! ;-)

Well, it's not a big bug, as it's necessary to have typed it correctly in order
to have the prompt... But it's still a bug! :)

PG

PS: My version? just installed KRB5B7.

--
Philippe Gresse
+33-6-12-60-28-07
Show quoted text
>How-To-Repeat:
>Fix:
>Audit-Trail:

From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krb5-bugs@MIT.EDU, Philippe.Gresse@ifhamy.insa-lyon.fr
Cc: gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
Subject: Re: pending/674: How to get an admin passwd! :-/
Date: Wed, 9 Dec 1998 21:10:57 -0500

Date: Wed, 09 Dec 1998 22:03:42 +0100 (CET)
From: Philippe Gresse <Philippe.Gresse@ifhamy.insa-lyon.fr>

PS: My version? just installed KRB5B7.

Krb5 Beta 7? That's a truely ancient version of Krb5; any particular
reason why you're not using the 1.0 release?

- Ted

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: raeburn
Responsible-Changed-When: Thu Jul 5 21:32:49 2001
Responsible-Changed-Why:
reformat, categorize

Show quoted text
>Unformatted:
From wolfen@orcrist.teklaine.com Wed Dec 2 18:57:07 1998
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA14935 for <bugs@RT-11.MIT.EDU>; Wed, 2 Dec 1998 18:57:02 -0500
Received: from orcrist.teklaine.com by MIT.EDU with SMTP
id AA09206; Wed, 2 Dec 98 18:56:49 EST
Received: (from root@localhost)
by orcrist.teklaine.com (8.9.1/8.9.1) id PAA22946;
Wed, 2 Dec 1998 15:55:13 -0800
Message-Id: <199812022355.PAA22946@orcrist.teklaine.com>
Date: Wed, 2 Dec 1998 15:55:13 -0800
From: root@orcrist.teklaine.com
Reply-To: root@orcrist.teklaine.com
To: krb5-bugs@MIT.EDU
Cc: bspindlr@tekchek.com
Subject: bug in kadmin
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 673
>Category: krb5-admin
>Synopsis: kadmin shows password when it shouldn't
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Dec 02 18:58:00 EST 1998
>Last-Modified: Thu Apr 4 17:22:23 EST 2002
>Originator: root@orcrist.teklaine.com
>Organization:
>Release: krb5-1.0.5
>Environment:
System: Linux orcrist 2.0.30 #5 Tue Jun 24 03:09:53 CDT 1997 i586 unknown
Architecture: i586
Show quoted text
>Description:

I have an entry in my kadm5.acl file as */admin@REALM
I go into kadmin as root/admin@REALM, if the first thing I do when I get into
kadmin is type ctrl c it says:
kadmin: Unknown request "PASSWORD". Type "?" for a request list.
Where PASSWORD is the password I typed to start kadmin as root/admin.
I realize this is a small bug that doesn't seem exploitable, however
it didn't seem like a wanted feature :)

I have not tested this on platforms other than the one listed above, so it
maybe only be a problem on linux. However just go into kadmin, and press
ctrl c before you do anything else

Show quoted text
>How-To-Repeat:
>Fix:
Sorry, dunno.
Show quoted text
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: hartmans
Responsible-Changed-When: Thu Apr 4 17:22:10 2002
Responsible-Changed-Why:
This seems like an ss bug

Show quoted text
>Unformatted:
This is interesting. I'm not quite sure what causes this, and haven't
yet reproduced it, but I suspect something involving signal handling
and/or longjmp(), and possibly unfortunate interactions with stdio
buffers in fgets(). We may want to setvbuf() when reading passwords
with fgets(). Places to look at: util/ss/listen.c and
lib/krb5/os/read_pwd.c or lib/krb5/os/prompter.c (on the trunk).
From: tlyu@mit.edu
Subject: CVS Commit
* prompter.c (krb5_prompter_posix): Rewrite to no longer use
longjmp(), as well as to get a non-buffered stdio stream on stdin
to avoid passwords staying around in stdio buffers. This does
have the side effect of possibly losing pre-buffered input from an
application that reads from stdin using stdio functions prior to
calling the prompter, but hopefully those are rare.


To generate a diff of this commit:



cvs diff -r5.89 -r5.90 krb5/src/lib/krb5/ChangeLog
cvs diff -r1.50 -r1.51 krb5/src/lib/krb5/configure.in
cvs diff -r5.337 -r5.338 krb5/src/lib/krb5/os/ChangeLog
cvs diff -r5.13 -r5.14 krb5/src/lib/krb5/os/prompter.c