I have seen a strange behaviour when I try to set a password longer than 512 bytes.
I guess because of CVE-2015-3238 the limit of the password was set to 512 bytes. That is why if I set a password of more than 512 bytes only first 512 are saved (maybe in this line). The problem is the remaining characters. Using passwd, the rest of the characters go outside the command and are interpreted by next command (usually another prompt). That is why if you set, for example, this password:
ThisisalooooooooooooongpasswordAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm0123456789012345678901234567890CVEecho "Hello"
that is, 512 random characters and then echo "Hello", passwd set the password (only 512 characters) BUT the remaining characters are executed as a command. So with that password, passwd will update the password and then execute
echo "Hello"
[root@localhost ~]# passwd username
Changing password for user username.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "Hello"
Hello
Why the remaining characters are executed? Why do not drop them? How can I manage them to prevent being interpreted by next command?
Cheers,
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list