From 72e11e27895e4b611be275f5087453f6fe812e00 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Boric Date: Sun, 22 Jan 2017 16:18:49 +0100 Subject: [PATCH] Import NetBSD's passwd.conf Without this file, the NetBSD userland will fall back by default to the old, insecure classic UNIX password hashing algorithm. This is a big security issue. Please check docs/UPDATING for details. Change-Id: Ib85646ee4678f91384bab238426ee55ff26da011 --- distrib/sets/lists/minix-base/mi | 1 + docs/UPDATING | 8 ++++++++ etc/Makefile | 2 +- etc/passwd.conf | 9 +++++++++ 4 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 etc/passwd.conf diff --git a/distrib/sets/lists/minix-base/mi b/distrib/sets/lists/minix-base/mi index bb4cbec8b..fa2fc7ba9 100644 --- a/distrib/sets/lists/minix-base/mi +++ b/distrib/sets/lists/minix-base/mi @@ -116,6 +116,7 @@ ./etc/openssl/misc minix-base crypto ./etc/openssl/private minix-base crypto ./etc/passwd minix-base +./etc/passwd.conf minix-base ./etc/profile minix-base ./etc/protocols minix-base ./etc/pwd.db minix-base diff --git a/docs/UPDATING b/docs/UPDATING index 2617a39c2..724fd8802 100644 --- a/docs/UPDATING +++ b/docs/UPDATING @@ -1,3 +1,11 @@ +20170122: + MINIX 3 did not import NetBSD's passwd.conf file, which makes the + userland fall back by default to the old, broken UNIX password hashing + algorithm. Among other problems, it truncates passwords to the first + eight characters. + + Please install /etc/passwd.conf and reset your passwords with passwd. + 20160702: Some tools are required to generate the locale resources which are embedded into libintl, which is why you need to run the following: diff --git a/etc/Makefile b/etc/Makefile index d43567b7c..527da4454 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -96,7 +96,7 @@ UTMPGRP= utmp .if defined(__MINIX) BIN1+= boot.cfg.default \ man.conf \ - protocols rc rc.cd rc.subr \ + passwd.conf protocols rc rc.cd rc.subr \ rc.daemons.dist rs.inet rs.single \ services shells syslog.conf \ termcap utmp gettytab rc.shutdown diff --git a/etc/passwd.conf b/etc/passwd.conf new file mode 100644 index 000000000..600a0a28a --- /dev/null +++ b/etc/passwd.conf @@ -0,0 +1,9 @@ +# $NetBSD: passwd.conf,v 1.3 2010/12/03 21:40:04 jmmv Exp $ +# +# passwd.conf(5) - +# password configuration file +# + +default: + localcipher = sha1 + ypcipher = old -- 2.44.0