otpasswd-talk

Re: [Otpasswd-talk] some question on otpasswd 0.7 and master-HEAD


From: Tomasz bla Fortuna
Subject: Re: [Otpasswd-talk] some question on otpasswd 0.7 and master-HEAD
Date: Wed, 7 Sep 2011 15:53:58 +0200

On Wed, 7 Sep 2011 03:36:26 +0900, Kazuaki Takase <address@hidden> wrote:

> hi, list
Hello!
> 
> I'm new to otpasswd. I'm glad to have come across this product.
> 
> I read the ChangeLog to get to know otpasswd better, and found
> the line "Fixed security bug in static password handling."
> 
> I have three questions for our use, below:
>   1. What is the "security bug" described there?
It was a problem regarding hashing a static password, which might be
optionally enabled to protect you from DoS attacks; I use it to send
myself an SMS with a password. It did not affect other functions; you
might assume that static passwords don't work before this fix.

The fix is in commit 7a405bc.

-       if (memcmp(salted_hash_new, salted_hash, sizeof(salted_hash))==0)
+       if (memcmp(salted_hash_new, salted_hash, 40) == 0)
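Review bot: replacing `sizeof(salted_hash)` with the literal `40` restores the full-length compare but leaves a magic number; since `sizeof(salted_hash)` evaluated to 4 or 8 here, `salted_hash` is a pointer, so define one named constant for the hash length and use it both where the buffer is declared and in this `memcmp` call so the two cannot drift apart again. Also, `memcmp` stops at the first differing byte, so a comparison of secret material would be better served by a fixed-length compare that does not return early.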

Only the first 4 (or 8 on 64-bit machines) bytes of the hashes were
compared instead of 40, so the hash was much weaker than it should be.

>   2. Is the "security bug" also in 0.7 (stable)?
The fix is in a commit before any 0.7 tags. The bug could only exist in the
0.5 release. There are also test cases checking static passwords now, and
static passwords work fine on my install.

>   3. Which should I install, 0.7 or master-HEAD, to secure/stabilize my
> system?

Short answer: the latest tarball. Or, if you like, HEAD.

Currently things look like this:
1) I have used 0.7-rc1 for quite a long time without any problems. It's rc1
and not 0.7 because I've run into problems with running valgrind
(a memory debugger) on the new system, and was unable to execute
all the memory-leak tests which I had prepared for previous versions. If
I'm able to find some additional time (soon, I hope) I'll finish this
testing and mark 0.7-rc1 as the new stable version. But generally
you can use it, and it should work fine.

2) There's a previous stable version without any known security
problems (if you ignore the lack of static passwords), but I advise against
using it. The newer version, with the agent utility split into two binaries,
has better control over suid code and should be safer.

3) Things inside git/master after the 0.7_rc1 tag were added during
tests and stabilization of the new version. They should generally be safe
and not break anything, and can sometimes be better than the 0.7_rc1
tarball, but I don't see anything fancy there:

I found two additional returns there (which, in the unlikely event of
some problem, could cause another problem IF you didn't compile the
program with asserts), some additional tests, and some compilation quirks
for FreeBSD; most of the changes seem to be code cleaning...

If possible you can go with the current HEAD (1b200ade); it was left in a
stabilization/test phase, it compiles for me and runs all tests.

Run the tests before using otpasswd. They will need a default config file
in /etc/otpasswd with the DB=USER option; ./agent_otp --check-config should
be happy. Then run 'ctest' in the otpasswd directory; the first test failed
for me, but that was an irrelevant, easy fix (I'll commit it).


BTW, most of the security problems which might be 'caused' by otpasswd
come from using the DB=GLOBAL option and the suid otp_agent. If you don't
need it, don't use it (use DB=USER). You don't have any new suids in your
system then, and at the level of PAM code these OTP versions don't really
differ.


Best regards, and thanks for the questions ;)
-- 
Tomasz bla Fortuna
jid: bla(at)af.gliwice.pl
pgp: 0x90746E79 @ pgp.mit.edu
www: http://bla.thera.be
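The `sizeof`-on-a-pointer mistake behind the 7a405bc fix, shown in an added example that is not otpasswd's own code. The buffer length `HASH_LEN`, the function names, and the sample hashes are assumptions made for this illustration; the constant-time variant is an extra defender's recommendation, not something the fix above contains. The buggy compare accepts a forged hash that shares only the first pointer-sized prefix, while both full-length compares reject it:

```c
#include <stdio.h>
#include <string.h>

/* Assumed length of the salted hash buffer; 40 is the literal used in the fix. */
#define HASH_LEN 40

/* Pre-fix pattern. salted_hash is a pointer parameter, so sizeof(salted_hash)
 * is the size of a pointer (4 or 8 bytes), not the 40-byte hash. Only that
 * prefix is compared, so any hash sharing the first few bytes is accepted. */
int compare_hash_buggy(const unsigned char *salted_hash_new,
                       const unsigned char *salted_hash)
{
    size_t n = sizeof(salted_hash); /* pointer size, not buffer size */
    return memcmp(salted_hash_new, salted_hash, n) == 0;
}

/* Post-fix pattern: compare the full hash length. A named constant instead
 * of a bare 40 keeps the buffer size and the compare length in step. */
int compare_hash_fixed(const unsigned char *salted_hash_new,
                       const unsigned char *salted_hash)
{
    return memcmp(salted_hash_new, salted_hash, HASH_LEN) == 0;
}

/* Same check without memcmp's early exit on the first differing byte, so the
 * time taken does not depend on how long the matching prefix is. */
int compare_hash_ct(const unsigned char *salted_hash_new,
                    const unsigned char *salted_hash)
{
    unsigned char diff = 0;
    size_t i;
    for (i = 0; i < HASH_LEN; i++)
        diff |= salted_hash_new[i] ^ salted_hash[i];
    return diff == 0;
}

/* Constructed sample hashes (not real otpasswd data): the first 8 bytes are
 * always identical; from byte 8 onward they differ whenever tail != 0. */
static void make_sample(unsigned char out[HASH_LEN], unsigned char tail)
{
    size_t i;
    for (i = 0; i < HASH_LEN; i++)
        out[i] = (unsigned char)(i * 7 + 3);
    for (i = 8; i < HASH_LEN; i++)
        out[i] ^= tail;
}

/* Number of bytes the buggy comparison actually looked at. */
size_t buggy_compare_length(void) { return sizeof(const unsigned char *); }

/* Does each comparison accept a forged hash that matches only in its prefix? */
int buggy_accepts_forged(void)
{
    unsigned char stored[HASH_LEN], forged[HASH_LEN];
    make_sample(stored, 0);
    make_sample(forged, 0x5a);
    return compare_hash_buggy(forged, stored);
}
int fixed_accepts_forged(void)
{
    unsigned char stored[HASH_LEN], forged[HASH_LEN];
    make_sample(stored, 0);
    make_sample(forged, 0x5a);
    return compare_hash_fixed(forged, stored);
}
int ct_accepts_forged(void)
{
    unsigned char stored[HASH_LEN], forged[HASH_LEN];
    make_sample(stored, 0);
    make_sample(forged, 0x5a);
    return compare_hash_ct(forged, stored);
}

/* And a genuine, byte-for-byte identical hash is still accepted. */
int fixed_accepts_genuine(void)
{
    unsigned char stored[HASH_LEN], genuine[HASH_LEN];
    make_sample(stored, 0);
    make_sample(genuine, 0);
    return compare_hash_fixed(genuine, stored);
}
int ct_accepts_genuine(void)
{
    unsigned char stored[HASH_LEN], genuine[HASH_LEN];
    make_sample(stored, 0);
    make_sample(genuine, 0);
    return compare_hash_ct(genuine, stored);
}

int main(void)
{
    printf("buggy compare looks at %zu of %d bytes\n",
           buggy_compare_length(), HASH_LEN);
    printf("forged hash accepted: buggy=%d fixed=%d ct=%d\n",
           buggy_accepts_forged(), fixed_accepts_forged(), ct_accepts_forged());
    printf("genuine hash accepted: fixed=%d ct=%d\n",
           fixed_accepts_genuine(), ct_accepts_genuine());
    return 0;
}
```

The point to carry away is that `sizeof` on a parameter declared as a pointer never yields the buffer length, even when the caller passed an array; the length has to be passed or shared through a constant, and a test that feeds a prefix-matching forgery catches the regression if it ever returns.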
