Import NetBSD's passwd.conf

Without this file, the NetBSD userland will fall back by default to the
old, insecure classic UNIX password hashing algorithm.

This is a big security issue. Please check docs/UPDATING for details.

Change-Id: Ib85646ee4678f91384bab238426ee55ff26da011

diff --git a/distrib/sets/lists/minix-base/mi b/distrib/sets/lists/minix-base/mi
index bb4cbec8b51207e4c9ba3346f05b776e396b7bf8..fa2fc7ba9a2661ba435d6005d1feb3828e06dacc 100644 (file)
--- a/distrib/sets/lists/minix-base/mi
+++ b/distrib/sets/lists/minix-base/mi
@@ -116,6 +116,7 @@
 ./etc/openssl/misc                                      minix-base      crypto
 ./etc/openssl/private                                   minix-base      crypto
 ./etc/passwd                                            minix-base
+./etc/passwd.conf                                       minix-base
 ./etc/profile                                           minix-base
 ./etc/protocols                                         minix-base
 ./etc/pwd.db                                            minix-base

diff --git a/docs/UPDATING b/docs/UPDATING
index 2617a39c2b4654c465fb16855176d653b8953ce8..724fd8802c71940bbb312c86c0476f4c931ef0e3 100644 (file)
--- a/docs/UPDATING
+++ b/docs/UPDATING
@@ -1,3 +1,11 @@
+20170122:
+       MINIX 3 did not import NetBSD's passwd.conf file, which makes the
+       userland fall back by default to the old, broken UNIX password hashing
+       algorithm. Among other problems, it truncates passwords to the first
+       eight characters.
+
+       Please install /etc/passwd.conf and reset your passwords with passwd.
+
 20160702:
        Some tools are required to generate the locale resources which are
        embedded into libintl, which is why you need to run the following:

diff --git a/etc/Makefile b/etc/Makefile
index d43567b7c4f617fdcd3dd82c8cf31a09c117401b..527da445467e49cf21e3a5ecb11469298908a92c 100644 (file)
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -96,7 +96,7 @@ UTMPGRP= utmp
 .if defined(__MINIX)
 BIN1+= boot.cfg.default \
        man.conf \
-       protocols rc rc.cd rc.subr \
+       passwd.conf protocols rc rc.cd rc.subr \
        rc.daemons.dist rs.inet rs.single \
        services shells syslog.conf \
        termcap utmp gettytab rc.shutdown

diff --git a/etc/passwd.conf b/etc/passwd.conf
new file mode 100644 (file)
index 0000000..600a0a2
--- /dev/null
+++ b/etc/passwd.conf
@@ -0,0 +1,9 @@
+#      $NetBSD: passwd.conf,v 1.3 2010/12/03 21:40:04 jmmv Exp $
+#
+# passwd.conf(5) -
+#      password configuration file
+#
+
+default:
+       localcipher = sha1
+       ypcipher = old