Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the sp_lstchg shadow field reproducible (re. #71) #146

Merged
merged 2 commits into from Apr 21, 2019
Merged

Make the sp_lstchg shadow field reproducible (re. #71) #146

merged 2 commits into from Apr 21, 2019

Conversation

lamby
Copy link
Contributor

@lamby lamby commented Jan 2, 2019

From #71:

The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

username:17238:0:99999:7:::
whilst creating the same user tomorrow will result in:

username:17239:0:99999:7:::
This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.

This updated PR adds some missing calls to gettime (). This was originally
filed by Johannes Schauer in Debian as #917773 [2].

[0] https://reproducible-builds.org/
[1] https://reproducible-builds.org/specs/source-date-epoch/
[2] https://bugs.debian.org/917773

@hallyn
Copy link
Member

hallyn commented Jan 3, 2019
edited

Is there any security concern here? It seems like the only possible problem would be if a user with no shadow entry called passwd with a future date for SOURCE_DATE_EPOCH.

@lamby
Copy link
Contributor Author

lamby commented Jan 3, 2019

What would be the hypothetical attack there, just out of interest?

(re. security, there are other related discussions, possibly from yourself, on this area in the above links IIRC)

@hallyn
Copy link
Member

hallyn commented Jan 4, 2019

The only attack I can imagine is delaying/preventing password aging. But I'm often not very imgaintaive...

@lamby
Copy link
Contributor Author

lamby commented Jan 4, 2019

Nor I, alas. :) I don't believe there is an issue, obviously...

@t8m
Copy link
Contributor

t8m commented Jan 4, 2019

Actually it would be a security issue if user without preexisting shadow entry could prevent password ageing on password change. Although the issue would be fairly low impact one. I'd suggest using secure_getenv() instead of normal getenv() in gettime().

@lamby
Copy link
Contributor Author

lamby commented Jan 4, 2019

Good idea re secure_getenv - pushed.

@hallyn
Copy link
Member

hallyn commented Jan 4, 2019

Stupid q - is there any libc which would not provide secure_getenv()? Actually the manpage says it's glibc-specific. Should a dummy helper be added if it's not defined?

@lamby
Copy link
Contributor Author

lamby commented Feb 13, 2019

Sorry for dropping this over the new year. Any update from you folks? :)

@hallyn
Copy link
Member

hallyn commented Feb 19, 2019

Any update from you folks? :)

Yes, I'd like discussion about my question - is there a libc we need to worry about which would not provide secure_getenv()?

@lamby
Copy link
Contributor Author

lamby commented Feb 19, 2019

is there a libc we need to worry about which would not provide secure_getenv()?

Busybox?

@lamby lamby force-pushed the reproducible-shadow-files branch from e1c1a2b to ee110bb Compare March 1, 2019 17:49
@lamby
Copy link
Contributor Author

lamby commented Mar 1, 2019

Updated to support the case where secure_getenv is not supported. Ready to merge. :)

@lamby
Make the sp_lstchg shadow field reproducible (re. shadow-maint#71)
fe34a2a 
From <shadow-maint#71>:

```
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1, 1970.
As this is a relative time, creating a user today will result in:

username:17238:0:99999:7:::
whilst creating the same user tomorrow will result in:

username:17239:0:99999:7:::
This has an impact for the Reproducible Builds[0] project where we aim to
be independent of as many elements the build environment as possible,
including the current date.

This patch changes the behaviour to use the SOURCE_DATE_EPOCH[1]
environment variable (instead of Jan 1, 1970) if valid.
```

This updated PR adds some missing calls to gettime (). This was originally
filed by Johannes Schauer in Debian as #917773 [2].

[0] https://reproducible-builds.org/
[1] https://reproducible-builds.org/specs/source-date-epoch/
[2] https://bugs.debian.org/917773
@lamby
gettime: Use secure_getenv over getenv.
3d92115
@lamby lamby force-pushed the reproducible-shadow-files branch from ee110bb to 3d92115 Compare March 31, 2019 15:00
@hallyn
Copy link
Member

hallyn commented Apr 21, 2019

Hi,

I'm going to merge this as is, but I have a feeling that it would be better to emulate secure_getenv() if libc doesn't provide it.

@hallyn hallyn merged commit 2c8171f into shadow-maint:master Apr 21, 2019
@josch josch mentioned this pull request Sep 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@lamby @hallyn @t8m