Date: Sat, 16 Jul 2016 19:05:29 +0300
From: Solar Designer <>
Subject: Re: passwdqc code quality

On Sat, Jul 16, 2016 at 06:40:21PM +0300, Solar Designer wrote:
> I could not easily test pam_passwdqc with ASan, because doing so
> requires(?) building a PAM application, like the passwd program, with
> ASan as well, and I just didn't get around to this yet.  Trying to
> LD_PRELOAD the ASan library to our existing build of the passwd program
> and running it as root didn't help.  Oh, I just realized I should have
> removed the SGID bit for this test.

Removing the SGID bit did the trick, and there are no major findings:

# LD_PRELOAD='/home/gcc/gcc-7-20160710/lib64/ /home/gcc/gcc-7-20160710/lib64/' passwd user

You can now choose the new password or passphrase.

A valid password should be a mix of upper and lower case letters,
digits, and other characters.  You can use an 8 character long
password with characters from at least 3 of these 4 classes, or
a 7 character long password containing characters from all the
classes.  An upper case letter that begins the password and a
digit that ends it do not count towards the number of character
classes used.

A passphrase should be of at least 3 words, 11 to 40 characters
long, and contain enough different characters.

Alternatively, if no one else can see your terminal now, you can
pick this as your password: "Bent6Mend3Cold".

Enter new password: 
Re-type new password: 
passwd: all authentication tokens updated successfully

==497748==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 28 byte(s) in 1 object(s) allocated from:
    #0 0x2ba8dcb91a78 in __interceptor_malloc ../../../../libsanitizer/asan/
    #1 0x2ba8dee02597 in _IO_vasprintf /usr/src/world/rpm-work-2/BUILD/glibc-2.3.6/libio/vasprintf.c:79

SUMMARY: AddressSanitizer: 28 byte(s) leaked in 1 allocation(s).

I also tried entering mismatched and weak passwords, and in all cases
only the one vasprintf() leak was detected.  In fact, it is detected
even when I trigger early abort by not preloading the UBSan library:

# LD_PRELOAD=~gcc/gcc-7-20160710/lib64/ passwd
passwd: Module is unknown

==497822==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 31 byte(s) in 1 object(s) allocated from:
    #0 0x2b01cae19a78 in __interceptor_malloc ../../../../libsanitizer/asan/
    #1 0x2b01cc373597 in _IO_vasprintf /usr/src/world/rpm-work-2/BUILD/glibc-2.3.6/libio/vasprintf.c:79

SUMMARY: AddressSanitizer: 31 byte(s) leaked in 1 allocation(s).

In that last case, I get the below in /var/log/messages:

Jul 16 19:59:02 host passwd[497822]: PAM unable to dlopen(/lib64/security/ /lib64/security/ undefined symbol: __ubsan_handle_nonnull_arg
Jul 16 19:59:02 host passwd[497822]: PAM adding faulty module: /lib64/security/

So I guess the memory leak occurs somewhere outside of the PAM module.
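
The comparison behind the conclusion above, as an added example that is not part of the original post: it reduces each LeakSanitizer report to its allocation sites, with the per-process addresses dropped, and keeps the sites present in both runs. The two report strings are copied from the output quoted in the message; the names `leak_sites` and `shared_sites` are made up for this example.

```python
import re

LEAK = re.compile(r"^(?:Direct|Indirect) leak of (\d+) byte\(s\) in \d+ object\(s\)")
FRAME = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")

# Reports copied from the message above, paths kept exactly as posted.
RUN_WITH_MODULE = """\
==497748==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 28 byte(s) in 1 object(s) allocated from:
    #0 0x2ba8dcb91a78 in __interceptor_malloc ../../../../libsanitizer/asan/
    #1 0x2ba8dee02597 in _IO_vasprintf /usr/src/world/rpm-work-2/BUILD/glibc-2.3.6/libio/vasprintf.c:79
"""
RUN_MODULE_FAILED = """\
==497822==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 31 byte(s) in 1 object(s) allocated from:
    #0 0x2b01cae19a78 in __interceptor_malloc ../../../../libsanitizer/asan/
    #1 0x2b01cc373597 in _IO_vasprintf /usr/src/world/rpm-work-2/BUILD/glibc-2.3.6/libio/vasprintf.c:79
"""

def leak_sites(report):
    """Map each allocation site to the bytes leaked there.

    A site is the tuple of (function, source) frames under the sanitizer's
    interceptor; addresses are dropped because they differ per process.
    """
    records = []  # one [bytes, frames] pair per "leak of" entry
    for line in report.splitlines():
        leak = LEAK.match(line)
        if leak:
            records.append([int(leak.group(1)), []])
            continue
        frame = FRAME.match(line)
        if frame and records and not frame.group(1).startswith("__interceptor_"):
            records[-1][1].append((frame.group(1), frame.group(2)))
    sites = {}
    for size, frames in records:
        sites[tuple(frames)] = sites.get(tuple(frames), 0) + size
    return sites

def shared_sites(run_a, run_b):
    """Sites leaked in both runs, with the byte counts from each."""
    a, b = leak_sites(run_a), leak_sites(run_b)
    return {site: (a[site], b[site]) for site in a if site in b}

if __name__ == "__main__":
    # The module never loaded in the second run, so a site that still
    # shows up there was not allocated by the module's code.
    for site, sizes in shared_sites(RUN_WITH_MODULE, RUN_MODULE_FAILED).items():
        print(" <- ".join(f"{fn} ({src})" for fn, src in site), sizes)
```

With only one frame below the interceptor in these reports, the site identifies the vasprintf() call but not its caller.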

