Bug 55000 - SetPassword causes usermod with password on the command line
Summary: SetPassword causes usermod with password on the command line
Alias: None
Product: accountsservice
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: Matthias Clasen
QA Contact:
: 66055 (view as bug list)
Depends on:
Reported: 2012-09-17 08:59 UTC by Stef Walter
Modified: 2018-08-07 09:30 UTC (History)
4 users (show)

See Also:
i915 platform:
i915 features:


Description Stef Walter 2012-09-17 08:59:16 UTC
Calling SetPassword() on the AccountsService results in a crypted password included on the command line. This seems to me to be minor security hole. It is the equivalent of having /etc/shadow readable by non-root users (albeit only for those who change their password via the AccountsService).

Any other local user can (in a default linux configuration) see the command lines of any other process on the system.

The relevant code is in src/user.c in the user_change_password_authorized_cb() function:

        argv[0] = "/usr/sbin/usermod";
        argv[1] = "-p";
        argv[2] = strings[0];
        argv[3] = "--";
        argv[4] = user->user_name;
        argv[5] = NULL;

strings[0] has been set to the crypted password in user_set_password(). The crypted password has been passed from the client (ie: gnome-control-center).
Comment 1 Ray Strode [halfline] 2012-09-17 15:59:04 UTC
Comment 2 Ray Strode [halfline] 2012-09-17 16:01:36 UTC
we should probably just drop this and get attachment 63941 [details] [review] (from bug 51833) in (with changes to make sure we don't repeat the same mistake)
Comment 3 Chris Wilson 2013-02-05 11:41:43 UTC
Hmm, right, that would not be along the spans path in the first place. Oh well, I can try one of the other workarounds I had earlier...
Comment 4 Chris Wilson 2013-02-05 11:42:17 UTC
Oops, wrong bug report, sorry.
Comment 5 Chris Wilson 2013-06-22 20:07:41 UTC
*** Bug 66055 has been marked as a duplicate of this bug. ***
Comment 6 Laurent Bigonville 2016-05-08 13:52:03 UTC
Apparently this is CVE-2012-6655
Comment 7 GitLab Migration User 2018-08-07 09:30:19 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/accountsservice/accountsservice/issues/8.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.