blob: 9bd67d4e9b8f13f71d24647d58926cc048139974
* Notes
https://web.archive.org/web/20170327150148/http://www.penzin.net/bsdauth/
- In the man page for [[https://man.openbsd.org/auth_subr.3#auth_call][=auth_call=]] it says
#+begin_src text
path The full path name of the login script to run. The call will
fail if path does not pass the requirements of the secure_path(3)
function.
#+end_src
However, I don't see this enforced anywhere; I even wrote a small test
script to prove it.
#+CAPTION: =authfail.c=
#+begin_src c
#include <sys/types.h>
#include <login_cap.h>
#include <bsd_auth.h>
#include <stdio.h>

int main(void) {
	auth_session_t *as;
	int rv;

	/* auth_open() returns NULL if the session cannot be allocated. */
	if ((as = auth_open()) == NULL) {
		perror("auth_open");
		return 1;
	}
	/* Per auth_subr(3) the path must pass secure_path(3); the arguments
	 * after it become the script's argv and must end with NULL. */
	rv = auth_call(as, "/home/dante/auth_tests/authtest/test", "hello", NULL);
	printf("auth_call returned %d\n", rv);
	auth_close(as);
	return 0;
}
#+end_src
Change ="/home/dante/auth_tests/authtest/test"= to wherever the =test=
binary is built on your system.
#+CAPTION: =test.c=
#+begin_src c
#include <stdio.h>
int main(void) {
printf("Hello! I don't have a secure path!\n");
return 0;
}
#+end_src
#+CAPTION: =Makefile=
#+begin_src makefile
CFLAGS = -Wall -Wextra

.PHONY: run
run: authfail test
	./authfail

authfail: authfail.c
	$(CC) -o $@ $(CFLAGS) $<

test: test.c
	$(CC) -o $@ $(CFLAGS) $<
#+end_src
Running =make= results in the following:
#+begin_src text
$ pwd && ls -l && make
/home/dante/auth_tests/authtest
total 12
-rw-r--r-- 1 dante dante 143 May 30 19:20 Makefile
-rw-r--r-- 1 dante dante 248 May 29 19:30 authfail.c
-rw-r--r-- 1 dante dante 115 May 29 19:22 test.c
cc -o authfail -Wall -Wextra authfail.c
cc -o test -Wall -Wextra test.c
./authfail
Hello! I don't have a secure path!
#+end_src
- The man page also says the script path is restricted to =/bin/= and
=/usr/bin=, which is also not the case.
- The man page describes the item names for =auth_getitem= as
=AUTH_<item>=, but in reality they are =AUTHV_<item>=.
# Ask jcs about the file descriptor situation, I don't understand it
# after reading both the man page and source.
- The [[#auth_getchallenge][=auth_getchallenge=]] function in the [[https://man.openbsd.org/auth_subr.3#auth_getchallenge][=auth_subr(3)=]] man page
doesn't seem to exist in the source code.
** TODO How are these configured in login.conf?