pam_authentication leaks the password to unprivileged processes on the same machine

Created by: Quazgar

misc/pam_authentication/pam_authentication.c gets the password via command line arguments, which is inherently unsafe. Other processes on the same machine can easily sniff the plaintext password, since the command line arguments are world-readable.

Small proof-of-concept, to be running on the same machine as the server during login:

while true; do
  PAM_ID=$(pgrep pam_auth);
  [ $PAM_ID"x" == "x" ] || {
    echo "Yippie! PID(s) are: $PAM_ID";
    for P in $PAM_ID; do
      ps -q $P -o args=;
    done;
    echo -e "Yay!";
  }
done

Possible workarounds: pass the password as an environment variable or through a pipe, either a shell pipe or a FIFO special file.

Imported comments:

By Quazgar on 2020-06-12T12:44:15.780Z

closed

By Quazgar on 2020-06-10T14:24:11.514Z

mentioned in commit ba63d1c1

By Quazgar on 2020-06-10T13:41:28.271Z

reopened

By Quazgar on 2020-06-10T13:41:28.090Z

Not fixed for LDAP (instead of generic PAM).

By Quazgar on 2020-05-06T09:41:59.457Z

made the issue visible to everyone

By Quazgar on 2020-05-06T09:40:44.322Z

closed

By Quazgar on 2020-04-28T10:45:16.255Z

mentioned in merge request !38

By Quazgar on 2020-04-27T16:57:40.067Z

mentioned in commit 285b94ed

By Quazgar on 2019-11-20T12:48:54.730Z

assigned to @quazgar and unassigned @timm.fitschen

By Timm Fitschen on 2019-09-11T15:03:22.339Z

changed due date to September 18, 2019

By Timm Fitschen on 2019-09-03T06:27:07.762Z

changed due date to September 11, 2019

By Timm Fitschen on 2019-08-29T09:58:37.272Z

changed due date to September 04, 2019

By Timm Fitschen on 2019-08-29T09:58:33.952Z

changed due date to August 07, 2019

By Timm Fitschen on 2019-08-29T09:58:01.788Z

assigned to @timm.fitschen and unassigned @quazgar

By Quazgar on 2019-04-11T08:08:23.732Z

made the issue confidential

By Timm Fitschen on 2019-04-11T08:08:23 (imported from GitLab project)