[Bug 810600] New: After zypper dup, yast defaults to DES encryption for user passwords
https://bugzilla.novell.com/show_bug.cgi?id=810600
https://bugzilla.novell.com/show_bug.cgi?id=810600#c0

Summary: After zypper dup, yast defaults to DES encryption for user passwords
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
AssignedTo: security-team@suse.de
ReportedBy: albert.passalacqua@gmail.com
QAContact: qa-bugs@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0

After upgrading from openSUSE 12.2 to 12.3 via zypper dup, YaST defaults to DES password encryption (the selected value used to be SHA-512).

Reproducible: Always

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c1

Virgil Brummond <uraharakisuke153@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |uraharakisuke153@gmail.com

--- Comment #1 from Virgil Brummond <uraharakisuke153@gmail.com> 2013-03-25 02:12:41 UTC ---

I can confirm DES password encryption being the default. I installed using openSUSE 12.3 64-bit Gnome Live CD. Does this cause any issues?

https://bugzilla.novell.com/show_bug.cgi?id=810600#c

Thomas Biege <thomas@suse.com> changed:

What       |Removed               |Added
----------------------------------------------------------------------------
CC         |                      |security-team@suse.de
AssignedTo |security-team@suse.de |yast2-maintainers@suse.de

https://bugzilla.novell.com/show_bug.cgi?id=810600#c2

Thomas Fehr <fehr@suse.com> changed:

What       |Removed                   |Added
----------------------------------------------------------------------------
AssignedTo |yast2-maintainers@suse.de |jsuchome@suse.com

--- Comment #2 from Thomas Fehr <fehr@suse.com> 2013-03-25 17:20:28 UTC ---

Reassigned to yast2-users.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c3

Jiří Suchomel <jsuchome@suse.com> changed:

What         |Removed |Added
----------------------------------------------------------------------------
Status       |NEW     |NEEDINFO
CC           |        |kukuk@suse.com
InfoProvider |        |albert.passalacqua@gmail.com

--- Comment #3 from Jiří Suchomel <jsuchome@suse.com> 2013-03-26 16:46:31 UTC ---

Please attach your /etc/login.defs. Looks like it was not correctly updated...

https://bugzilla.novell.com/show_bug.cgi?id=810600#c4

--- Comment #4 from Alberto Passalacqua <albert.passalacqua@gmail.com> 2013-03-31 03:53:17 UTC ---

Created an attachment (id=532736)
--> (http://bugzilla.novell.com/attachment.cgi?id=532736)
login.defs file

https://bugzilla.novell.com/show_bug.cgi?id=810600#c5

Alberto Passalacqua <albert.passalacqua@gmail.com> changed:

What         |Removed                      |Added
----------------------------------------------------------------------------
Status       |NEEDINFO                     |NEW
InfoProvider |albert.passalacqua@gmail.com |

--- Comment #5 from Alberto Passalacqua <albert.passalacqua@gmail.com> 2013-03-31 03:54:32 UTC ---

I have attached my login.defs above, but it contains sha-512 because I have manually corrected the problem in YaST when I reported it.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c6

Jiří Suchomel <jsuchome@suse.com> changed:

What       |Removed           |Added
----------------------------------------------------------------------------
CC         |                  |jsuchome@suse.com
AssignedTo |jsuchome@suse.com |kukuk@suse.com

--- Comment #6 from Jiří Suchomel <jsuchome@suse.com> 2013-04-02 06:52:41 UTC ---

(In reply to comment #5)
> I have attached my login.defs above, but it contains sha-512 because I have manually corrected the problem in YaST when I reported it.

Hm, then we cannot know for sure. Anyway, it looks like a pwdutils bug of not updating the files on upgrade.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c7

Thorsten Kukuk <kukuk@suse.com> changed:

What       |Removed        |Added
----------------------------------------------------------------------------
AssignedTo |kukuk@suse.com |security-team@suse.de

--- Comment #7 from Thorsten Kukuk <kukuk@suse.com> 2013-04-02 08:44:02 UTC ---

/etc/login.defs has by default:

ENCRYPT_METHOD SHA512

So, if this was changed to DES, somebody else changed this during installation/update, but I have no idea who this could be. The shadow package does not touch /etc/login.defs during update.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c

Thomas Biege <thomas@suse.com> changed:

What       |Removed               |Added
----------------------------------------------------------------------------
AssignedTo |security-team@suse.de |bnc-team-screening@forge.provo.novell.com

https://bugzilla.novell.com/show_bug.cgi?id=810600#c8

Jiří Suchomel <jsuchome@suse.com> changed:

What       |Removed                                   |Added
----------------------------------------------------------------------------
AssignedTo |bnc-team-screening@forge.provo.novell.com |kukuk@suse.com

--- Comment #8 from Jiří Suchomel <jsuchome@suse.com> 2013-04-17 06:28:46 UTC ---

Thorsten, the problem is, /etc/login.defs in 12.3 before 12.3 did not contain ENCRYPT_METHOD. And after the update in question, it probably still does not contain it, hence YaST uses DES as a default value (when nothing else is present).

So I think this might be a problem of _updating_ an old login.defs file.

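The case described in comments #7 and #8 above, as an added example that is not part of the bug thread, YaST, or the shadow package: a read-only check that reports which ENCRYPT_METHOD a login.defs file sets (or that it sets none) and which hash schemes a shadow-format file actually contains. The function names and all sample data are constructed for illustration; the prefix classification follows crypt(5).

```shell
# Added example, not YaST or shadow code; names and sample data are constructed.
# Print the ENCRYPT_METHOD a login.defs-style file sets, or UNSET if no
# uncommented line sets it (a repeated key reports the last value: assumption).
encrypt_method() {
    awk '$1 == "ENCRYPT_METHOD" && NF >= 2 { m = $2 }
         END { print (m == "" ? "UNSET" : m) }' "$1"
}

# Classify one shadow password field by its crypt(5) prefix.
hash_scheme() {
    case "$1" in
        ''|'!'|'!!'|'*') echo none ;;             # empty or locked, no hash
        '!'*)   hash_scheme "${1#?}" ;;           # locked: classify what follows '!'
        '$6$'*) echo sha512 ;;
        '$5$'*) echo sha256 ;;
        '$1$'*) echo md5 ;;
        '$'*)   echo other ;;
        *[!./0-9A-Za-z]*) echo unknown ;;
        *)      [ "${#1}" -eq 13 ] && echo des || echo unknown ;;  # 13 chars, no prefix
    esac
}

# Summarise a shadow-format file as "scheme=count ..." in sorted order.
shadow_summary() {
    while IFS=: read -r user field rest; do
        [ -n "$user" ] && hash_scheme "$field"
    done < "$1" | sort | uniq -c |
        awk '{ printf "%s%s=%s", (NR > 1 ? " " : ""), $2, $1 } END { print "" }'
}

# Succeed only if a non-DES method is set and no DES hash is left. Changing
# ENCRYPT_METHOD does not rehash existing entries, so both are checked.
audit() {   # usage: audit LOGIN_DEFS SHADOW
    m=$(encrypt_method "$1"); s=$(shadow_summary "$2")
    echo "ENCRYPT_METHOD=$m hashes: $s"
    case "$m" in UNSET|DES) return 1 ;; esac
    case " $s" in *" des="*) return 1 ;; esac
}

# Constructed sample files: no real accounts or hashes.
d=$(mktemp -d)
printf '%s\n' '# ENCRYPT_METHOD DES' 'ENCRYPT_METHOD SHA512' > "$d/defs.new"
printf '%s\n' 'PASS_MAX_DAYS 99999' > "$d/defs.old"
printf '%s\n' 'root:$6$salt$ConstructedNotAHash:15800:0:99999:7:::' \
    'alice:ab01FAX.bQRSU:15800:0:99999:7:::' 'nobody:*:15800::::::' > "$d/shadow"
audit "$d/defs.new" "$d/shadow" || echo "-> needs attention"
audit "$d/defs.old" "$d/shadow" || echo "-> needs attention"
rm -rf "$d"
```

On a real system the two arguments would be /etc/login.defs and /etc/shadow, the latter readable only by root.
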
https://bugzilla.novell.com/show_bug.cgi?id=810600#c9

Thorsten Kukuk <kukuk@suse.com> changed:

What         |Removed |Added
----------------------------------------------------------------------------
Status       |NEW     |NEEDINFO
InfoProvider |        |albert.passalacqua@gmail.com

--- Comment #9 from Thorsten Kukuk <kukuk@suse.com> 2013-04-17 06:47:49 UTC ---

But in that case, you have a rpmnew file next to it, and you have to merge manually. Don't know how this looks like today for openSUSE, but everywhere else it is documented that you have to look at the .rpm{new|save} files.

And this does not match comment #1, which speaks about 12.3 LiveDVD installation, thus no update.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c10

--- Comment #10 from Virgil Brummond <uraharakisuke153@gmail.com> 2013-04-22 17:26:35 UTC ---

I wanted to add, I installed openSUSE 12.3 32-bit KDE from the live dvd. I made sure during installation it said "sha-512". When I open YaST after installation the security module reports the password encryption as DES.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c11

--- Comment #11 from Jiří Suchomel <jsuchome@suse.com> 2013-04-23 05:48:28 UTC ---

Virgil, that seems to be a different problem than the originally reported one. Do you know how /etc/login.defs looked after your installation?

https://bugzilla.novell.com/show_bug.cgi?id=810600#c12

--- Comment #12 from Virgil Brummond <uraharakisuke153@gmail.com> 2013-04-24 16:33:44 UTC ---

I suppose I would eat my hat if the problem is not related somehow. I did not want to file a new bug ticket. Here is my /etc/login.defs directly as I first boot.

http://paste.opensuse.org/4459401

https://bugzilla.novell.com/show_bug.cgi?id=810600#c13

--- Comment #13 from Jiří Suchomel <jsuchome@suse.com> 2013-04-25 08:22:46 UTC ---

I tested live installation and right after that, ENCRYPT_METHOD seems to be set correctly. But when I run yast2 security, it shows DES, like reported here. Seems like a problem in yast2-security.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c

Jiří Suchomel <jsuchome@suse.com> changed:

What         |Removed                      |Added
----------------------------------------------------------------------------
Status       |NEEDINFO                     |ASSIGNED
InfoProvider |albert.passalacqua@gmail.com |
AssignedTo   |kukuk@suse.com               |jsuchome@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=810600#c14

Jiří Suchomel <jsuchome@suse.com> changed:

What         |Removed  |Added
----------------------------------------------------------------------------
Status       |ASSIGNED |NEEDINFO
InfoProvider |         |albert.passalacqua@gmail.com

--- Comment #14 from Jiří Suchomel <jsuchome@suse.com> 2013-04-25 12:27:52 UTC ---

Could you try the YaST package from
https://build.opensuse.org/package/show?package=yast2-security&project=home%3Ajsuchome%3A12.3

https://bugzilla.novell.com/show_bug.cgi?id=810600#c15

--- Comment #15 from Virgil Brummond <uraharakisuke153@gmail.com> 2013-04-25 22:19:17 UTC ---

@Jiri Suchomel

I run 'cat /etc/login.defs | grep METHOD' and it shows me SHA512 at my first boot in a 12.3 net install. I installed the YaST packages from that repository using zypper dup, and it does not now default to DES, it shows SHA-512 inside YaST as it does with the login.defs. If I downgrade the packages, even without rebooting, the YaST2 security module again shows DES as the default. I hope this helps.

It seems I did check the value in YaST in my previous reports. I did not suspect the YaST module as the cause.

https://bugzilla.novell.com/show_bug.cgi?id=810600#c16

Jiří Suchomel <jsuchome@suse.com> changed:

What         |Removed                      |Added
----------------------------------------------------------------------------
InfoProvider |albert.passalacqua@gmail.com |maintenance@opensuse.org

--- Comment #16 from Jiří Suchomel <jsuchome@suse.com> 2013-04-26 06:34:53 UTC ---

Thanks, Virgil, exactly like my tests.

Maintenance: can I prepare yast2-security for update?

https://bugzilla.novell.com/show_bug.cgi?id=810600#c17

Benjamin Brunner <bbrunner@suse.com> changed:

What         |Removed                  |Added
----------------------------------------------------------------------------
Status       |NEEDINFO                 |ASSIGNED
InfoProvider |maintenance@opensuse.org |

--- Comment #17 from Benjamin Brunner <bbrunner@suse.com> 2013-04-26 13:47:22 CEST ---

Jiri, feel free to open a maintenancerequest with the updated package.

Thanks for your efforts and for the reports!

https://bugzilla.novell.com/show_bug.cgi?id=810600#c18

Jiří Suchomel <jsuchome@suse.com> changed:

What       |Removed  |Added
----------------------------------------------------------------------------
Status     |ASSIGNED |RESOLVED
Resolution |         |FIXED

--- Comment #18 from Jiří Suchomel <jsuchome@suse.com> 2013-04-26 12:15:23 UTC ---

osc maintenancerequest home:jsuchome:12.3 yast2-security openSUSE:12.3
Using target project 'openSUSE:Maintenance'
173508

https://bugzilla.novell.com/show_bug.cgi?id=810600#c19

--- Comment #19 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-26 15:00:08 CEST ---

This is an autogenerated message for OBS integration:
This bug (810600) was mentioned in
https://build.opensuse.org/request/show/173508 Maintenance /

https://bugzilla.novell.com/show_bug.cgi?id=810600#c20

--- Comment #20 from Swamp Workflow Management <swamp@suse.de> 2013-06-10 10:17:42 UTC ---

openSUSE-RU-2013:0952-1: An update that has one recommended fix can now be installed.

Category: recommended (low)
Bug References: 810600
CVE References:
Sources used:
openSUSE 12.3 (src): yast2-security-2.23.6-1.8.1