strange behaviour when password longer than 512 bytes

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I have seen a strange behaviour when I try to set a password longer than 512 bytes.

I guess because of CVE-2015-3238 the limit of the password was set to 512 bytes. That is why if I set a password of more than 512 bytes only first 512 are saved (maybe in this line). The problem is the remaining characters. Using passwd, the rest of the characters go outside the command and are interpreted by next command (usually another prompt). That is why if you set, for example, this password:

ThisisalooooooooooooongpasswordAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnm0123456789012345678901234567890CVEecho "Hello"

that is, 512 random characters and then echo "Hello", passwd set the password (only 512 characters) BUT the remaining characters are executed as a command. So with that password, passwd will update the password and then execute

echo "Hello"


[root@localhost ~]# passwd username
Changing password for user username.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost ~]# echo "Hello"
Hello

Why the remaining characters are executed? Why do not drop them? How can I manage them to prevent being interpreted by next command?

Cheers,

Pablo Hinojosa.    CC58B86B
PabloHinojosa.is



_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux