This is for UNICOS Cray. And currently I know that the OS and hardware have been officially retired. I have a question into one of my contacts at Cray to see if they know of any customers still running this old hardware, and if not then I'd suggest we strip the UNICOS port out as dead wood.
- Ben Bill Parker wrote:
Hello All, In reviewing some code in file 'bsd-cray.c', I found a possible issue where data in the following code may not be properly scrubbed in the case IA_BACKDOOR in function 'cray_setup', which is below: case IA_BACKDOOR: /* XXX: can we memset it to zero here so save some of this */ strlcpy(ue.ue_name, "root", sizeof(ue.ue_name)); strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir)); strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell)); ue.ue_passwd[0] = '\0'; ue.ue_age[0] = '\0'; ue.ue_comment[0] = '\0'; ue.ue_loghost[0] = '\0'; ue.ue_logline[0] = '\0'; ue.ue_uid = -1; ue.ue_nice[UDBRC_INTER] = 0; where ue.ue_passwd[0] is set to NUL, there exists the potential that any data beyond ue.ue_passwd[0] is still accessible in memory as the following test program below demonstrates: #include<stdio.h> int main(void) { unsigned int n, l; char ue[50] = "ABCDEFGHIJKLMNPOQRSTUVWXYZ0123456789"; ue[0] = '\0'; /* set this to NULL */ printf("Contents of char ue[0] is: %s\n", ue); printf("Contents of char ue[1-36] is:"); for (n = 1; n< 36; n++) printf("%c", ue[n]); printf("\n"); return 0; } [bill@moocow ~]$ ./a.out Contents of char ue[0] is: Contents of char ue[1-36] is:BCDEFGHIJKLMNPOQRSTUVWXYZ0123456789 As you can see, data beyond ue[0] is still accessible, should the code not be changed to use memset() to scrub any sensitive information still stored in various arrays in IA_BACKDOOR (and perhaps other areas of code in bsd-cray.c, etc)? Bill Parker (wp02855 at gmail dot com) _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev