pwd_mkdb(8): Don't copy comments from /etc/master.passwd to /etc/passwd.
The intention of /etc/passwd was to support legacy applications that are not yet converted to use modern APIs like getpwent(3). Comments are not defined in the legacy format, so copying them could break these applications. Plus, it could leak sensitive information (e.g. the encrypted form of the password of a user who was commented out instead of deleted or disabled). PR: bin/144652 MFC after: 1 month
parent
7daf96523b
commit
0deb25bd9d
@ -462,11 +462,14 @@ main(int argc, char *argv[])
|
|||||||
error("put");
|
error("put");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
/* Create original format password file entry */
|
/*
|
||||||
if (is_comment && makeold){ /* copy comments */
|
* Create original style password file entry.
|
||||||
if (fprintf(oldfp, "%s\n", line) < 0)
|
*
|
||||||
error("write old");
|
* Don't copy comments since this could reveal encrypted
|
||||||
} else if (makeold) {
|
* passwords if entries have been simply commented out
|
||||||
|
* in master.passwd.
|
||||||
|
*/
|
||||||
|
if (makeold && !is_comment) {
|
||||||
char uidstr[20];
|
char uidstr[20];
|
||||||
char gidstr[20];
|
char gidstr[20];
|
||||||
|
|
||||||
|
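Review bot: The new block comment above `if (makeold && !is_comment) {` records only the disclosure reason, while the commit message gives a second one that a later maintainer would need before re-adding the copy: the legacy format defines no comments, so copied lines can break old parsers. I would add a line such as ` * The legacy format also defines no comment syntax.` to that comment. The guard only affects files written from now on, so a legacy passwd file generated earlier keeps any commented-out entries until it is regenerated, which seems worth a sentence in the release notes or manual page. How `is_comment` is set lies outside this hunk, so whether lines with leading whitespace before `#` are covered cannot be confirmed from here, and the body of the `if` continues past the last visible line.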