Date: Sat, 16 Jul 2016 19:05:29 +0300 From: Solar Designer <solar@...nwall.com> To: owl-dev@...ts.openwall.com Subject: Re: passwdqc code quality On Sat, Jul 16, 2016 at 06:40:21PM +0300, Solar Designer wrote: > I could not easily test pam_passwdqc with ASan, because doing so > requires(?) building a PAM application, like the passwd program, with > ASan as well, and I just didn't get around to this yet. Trying to > LD_PRELOAD the ASan library to our existing build of the passwd program > and running it as root didn't help. Oh, I just realized I should have > removed the SGID bit for this test. Removing the SGID bit did the trick, and there are no major findings: --- # LD_PRELOAD='/home/gcc/gcc-7-20160710/lib64/libasan.so /home/gcc/gcc-7-20160710/lib64/libubsan.so' passwd user You can now choose the new password or passphrase. A valid password should be a mix of upper and lower case letters, digits, and other characters. You can use an 8 character long password with characters from at least 3 of these 4 classes, or a 7 character long password containing characters from all the classes. An upper case letter that begins the password and a digit that ends it do not count towards the number of character classes used. A passphrase should be of at least 3 words, 11 to 40 characters long, and contain enough different characters. Alternatively, if no one else can see your terminal now, you can pick this as your password: "Bent6Mend3Cold". Enter new password: Re-type new password: passwd: all authentication tokens updated successfully ================================================================= ==497748==ERROR: LeakSanitizer: detected memory leaks Direct leak of 28 byte(s) in 1 object(s) allocated from: #0 0x2ba8dcb91a78 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x2ba8dee02597 in _IO_vasprintf /usr/src/world/rpm-work-2/BUILD/glibc-2.3.6/libio/vasprintf.c:79 SUMMARY: AddressSanitizer: 28 byte(s) leaked in 1 allocation(s). --- I also tried entering mismatched and weak passwords, and in all cases only the one vasprintf() leak was detected. In fact, it is detected even when I trigger early abort by not preloading the UBSan library: --- # LD_PRELOAD=~gcc/gcc-7-20160710/lib64/libasan.so passwd passwd: Module is unknown ================================================================= ==497822==ERROR: LeakSanitizer: detected memory leaks Direct leak of 31 byte(s) in 1 object(s) allocated from: #0 0x2b01cae19a78 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62 #1 0x2b01cc373597 in _IO_vasprintf /usr/src/world/rpm-work-2/BUILD/glibc-2.3.6/libio/vasprintf.c:79 SUMMARY: AddressSanitizer: 31 byte(s) leaked in 1 allocation(s). --- In that last case, I get the below in /var/log/messages: Jul 16 19:59:02 host passwd: PAM unable to dlopen(/lib64/security/pam_passwdqc.so): /lib64/security/pam_passwdqc.so: undefined symbol: __ubsan_handle_nonnull_arg Jul 16 19:59:02 host passwd: PAM adding faulty module: /lib64/security/pam_passwdqc.so So I guess the memory leak occurs somewhere outside of the PAM module. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.