From anto@acct.inet.co.th  Wed Feb 10 20:56:48 1999
Received: from acct.inet.co.th (acct.inet.co.th [203.150.17.130])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA19500
          for <FreeBSD-gnats-submit@freebsd.org>; Wed, 10 Feb 1999 20:56:46 -0800 (PST)
          (envelope-from anto@acct.inet.co.th)
Received: (from anto@localhost)
	by acct.inet.co.th (8.8.8/8.8.8) id LAA03211;
	Thu, 11 Feb 1999 11:56:03 +0700 (ICT)
	(envelope-from anto)
Message-Id: <199902110456.LAA03211@acct.inet.co.th>
Date: Thu, 11 Feb 1999 11:56:03 +0700 (ICT)
From: Anto Prijosoesilo <anto@inet.co.th>
Reply-To: Anto Prijosoesilo <antop@netscape.net>
To: FreeBSD-gnats-submit@freebsd.org
Subject: Bug in keyinfo and keyinit
X-Send-Pr-Version: 3.2

>Number:         10019
>Category:       bin
>Synopsis:       Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Feb 10 21:00:01 PST 1999
>Closed-Date:    Tue Jun 22 03:38:38 PDT 1999
>Last-Modified:  Tue Jun 22 10:20:02 PDT 1999
>Originator:     Anto Prijosoesilo
>Release:        FreeBSD 2.2.7-STABLE i386
>Organization:
Internet Thailand
>Environment:

FreeBSD acct.inet.co.th 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Fri Nov 20 08:40:26 ICT 1998     anto@inet.co.th:/usr/src/sys/compile/ACCT  i386

>Description:

	If a uid is shared by multiple login names keyinfo and keyinit will
 default to the first name it finds that share the uid.

>How-To-Repeat:

	Create a user (ex: user1).
	Create another login name for that user (ex: user2).
	Login as user1 and run keyinit. It should say 'Adding user1:'.
	Login as user2 and run keyinit. It should say 'Adding user2:'.

	The last 2 steps above will actually say 'Adding user1' and
	'Updating user1'.

	While logged in as user1 run 'keyinfo' and 'keyinfo user1'.
	While logged in as user2 run 'keyinfo' and 'keyinfo user2'.

	One of the last 2 steps above will give different results.

>Fix:
	
diff -cr src.orig/usr.bin/keyinfo/keyinfo.pl src/usr.bin/keyinfo/keyinfo.pl
*** src.orig/usr.bin/keyinfo/keyinfo.pl	Thu Feb 11 11:37:23 1999
--- src/usr.bin/keyinfo/keyinfo.pl	Thu Feb 11 09:06:06 1999
***************
*** 14,19 ****
--- 14,23 ----
      $user = $ARGV[0];
  } else {
      $user = (getpwuid($<))[0];
+     $luser = getlogin;
+     if ($< == getpwnam($luser)) {
+         $user = $luser;
+     }
  }
  
  while (<K>) {
diff -cr src.orig/usr.bin/keyinit/skeyinit.c src/usr.bin/keyinit/skeyinit.c
*** src.orig/usr.bin/keyinit/skeyinit.c	Thu Feb 11 11:37:23 1999
--- src/usr.bin/keyinit/skeyinit.c	Thu Feb 11 09:10:35 1999
***************
*** 42,49 ****
  	gethostname(defaultseed,NAMELEN);
  	strcpy(&defaultseed[NAMELEN],tbuf);
  
! 	pp = ppuser = getpwuid(getuid());
! 	strcpy(me,pp->pw_name);
  	defaultsetup = 1;
  	if( argc > 1){
  		if(strcmp("-s", argv[1]) == 0)
--- 42,54 ----
  	gethostname(defaultseed,NAMELEN);
  	strcpy(&defaultseed[NAMELEN],tbuf);
  
! 	pp = getpwuid(getuid());
! 	strcpy(me,getlogin());
! 	ppuser = getpwnam(me);
! 	if (pp->pw_uid != ppuser->pw_uid) {
! 	  ppuser = pp;
! 	  strcpy(me,pp->pw_name);
! 	}
  	defaultsetup = 1;
  	if( argc > 1){
  		if(strcmp("-s", argv[1]) == 0)
>Release-Note:
>Audit-Trail:

From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Anto Prijosoesilo <antop@netscape.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Bug in keyinfo and keyinit
Date: 11 Feb 1999 15:41:55 +0100

 Anto Prijosoesilo <anto@inet.co.th> writes:
 > 	If a uid is shared by multiple login names keyinfo and keyinit will
 >  default to the first name it finds that share the uid.
 
 You're not supposed to have multiple login names per UID. What do you
 expect to achieve by doing that, anyway?
 
 DES
 -- 
 Dag-Erling Smorgrav - des@flood.ping.uio.no

From: Anto Prijosoesilo <antop@netscape.net>
To: des@flood.ping.uio.no
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: [Re: bin/10019: Bug in keyinfo and keyinit]
Date: 12 Feb 99 10:04:47 ICT

 des@flood.ping.uio.no wrote:
 > Anto Prijosoesilo <anto@inet.co.th> writes:
 
 > > 	If a uid is shared by multiple login names keyinfo and keyinit will
 
 > >  default to the first name it finds that share the uid.
 
 > 
 
 > You're not supposed to have multiple login names per UID. What do you
 
 > expect to achieve by doing that, anyway?
 
 FreeBSD is setup with one. uid("root") == uid("toor").
 
 In my case, I need to allow several people to access a role account and I
 don't want them to share the same password.
 
 In any case, I figured that since s/key is name based, not uid based, the
 checks done by keyinfo/keyinit are supposed to follow that.
 
 Cheers,
 Anto.
 
 ____________________________________________________________________
 More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail

From: "Gary Palmer" <gpalmer@FreeBSD.ORG>
To: Anto Prijosoesilo <antop@netscape.net>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: [Re: bin/10019: Bug in keyinfo and keyinit] 
Date: Fri, 12 Feb 1999 03:30:08 -0500

 Anto Prijosoesilo wrote in message ID
 <199902120340.TAA27060@freefall.freebsd.org>:
 >  In my case, I need to allow several people to access a role account and I
 >  don't want them to share the same password.
 
 Give them individual accounts, and use a modified sudo (as found in ports) to 
 let them use their own passwords to get to the role account. We use it here to 
 allow operations staff limited access to some sysetms for monitoring and 
 debugging purposes, while letting system staff have full access.
 
 Some people hate sudo, so in all fairness I'll also mention runas, and the 
 fact that it probably wouldn't be too difficult to hack up your own program to 
 do this if you wanted.
 
 Gary
 --
 Gary Palmer                                          FreeBSD Core Team Member
 FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
 
 

From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
To: Anto Prijosoesilo <antop@netscape.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: [Re: bin/10019: Bug in keyinfo and keyinit]
Date: 12 Feb 1999 12:54:27 +0100

 Anto Prijosoesilo <antop@netscape.net> writes:
 > des@flood.ping.uio.no wrote:
 > > You're not supposed to have multiple login names per UID. What do you
 > > expect to achieve by doing that, anyway?
 > FreeBSD is setup with one. uid("root") == uid("toor").
 
 "toor" is never used. It's meant to be "root with a different shell",
 but why people can't just type "exec /bin/sh" on the command line is
 beyond me.
 
 > In any case, I figured that since s/key is name based, not uid based, the
 > checks done by keyinfo/keyinit are supposed to follow that.
 
 Well, that's the least of your problems. Nearly every binary that does
 anything with file permissions etc. will in the best case get confused
 and in the worst case fail.
 
 DES
 -- 
 Dag-Erling Smorgrav - des@flood.ping.uio.no

From: Anto Prijosoesilo <antop@netscape.net>
To: gjp@gjp.erols.com, Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Bug in keyinfo and keyinit
Date: 13 Feb 99 16:02:21 ICT

 gjp@gjp.erols.com wrote:
 > Give them individual accounts, and use a modified sudo (as found in ports)
 to 
 
 > let them use their own passwords to get to the role account.
 
 Thanks for the suggestion. I'll probably go this route in the future.
 
 I think the point I was trying to make was valid though. If the system asks me
 for user1's S/Key password when I login as user1 and user2's when I do user2
 then I would expect the other related utilities to behave similarly. It they
 don't whether the "different" behavior is documented, I would assume that
 there's a bug.. right?. Especially when there's an easy fix to make them
 consistent.
 
 As long as there is this inconsistency I would view it as a bug. Changing the
 S/Key database to use uid instead of login names would make it consistent as
 far as S/Key is concerned.
 
 That would, however, break compatibility with regular UNIX authentication
 where each login name has its own password that isn't shared with others even
 those sharing the same UID.
 
 It would also break compatibility with OPIE.
 
 If you think this PR should be closed, please do. I'll keep my local changes
 because I like my system to be consistent.
 
 
 
 ____________________________________________________________________
 More than just email--Get your FREE Netscape WebMail account today at http://home.netscape.com/netcenter/mail
State-Changed-From-To: open->closed 
State-Changed-By: sheldonh 
State-Changed-When: Tue Jun 22 03:38:38 PDT 1999 
State-Changed-Why:  
"Especially when there's an easy fix to make them consistent" -- it may 
be easy, but see the perlfunc(1) manpage's description of getlogin(): 

Do not consider getlogin() for authentication: it 
is not as secure as getpwuid(). 

If you want to work on getting the S/Key db to use UID's, give it a bash. 
:-) 

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: <sheldonh@FreeBSD.ORG>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins
Date: Tue, 22 Jun 1999 13:14:57 -0400 (EDT)

 <<On Tue, 22 Jun 1999 03:40:59 -0700 (PDT), <sheldonh@FreeBSD.ORG> said:
 
 > "Especially when there's an easy fix to make them consistent" -- it may
 > be easy, but see the perlfunc(1) manpage's description of getlogin():
 
 >                Do not consider getlogin() for authentication: it
 >                is not as secure as getpwuid().
 
 Perl's manual page is erroneous -- or rather, it reflects a
 historical situation which no longer prevails (at least not on *BSD).
 getlogin(2) is at least as secure as getpwuid(3) -- more so if YP is
 being used.
 
 -GAWollman
 
 --
 Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
 wollman@lcs.mit.edu  | O Siem / The fires of freedom 
 Opinions not those of| Dance in the burning flame
 MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick
 

From: Sheldon Hearn <sheldonh@uunet.co.za>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: freebsd-gnats-submit@FreeBSD.ORG
Subject: Re: bin/10019: Keyinfo and keyinit may use the wrong name if the uid is shared by multiple logins 
Date: Tue, 22 Jun 1999 19:16:34 +0200

 On Tue, 22 Jun 1999 13:14:57 -0400, Garrett Wollman wrote:
 
 > Perl's manual page is erroneous -- or rather, it reflects a
 > historical situation which no longer prevails (at least not on *BSD).
 > getlogin(2) is at least as secure as getpwuid(3) -- more so if YP is
 > being used.
 
 So do you think it's worth the effort required to support multiple
 usernames on the same UID?
 
 Ciao,
 Sheldon.
 
>Unformatted:
