Path: utzoo!attcan!uunet!husc6!bloom-beacon!EXPO.LCS.MIT.EDU!keith
From: keith@EXPO.LCS.MIT.EDU (Keith Packard)
Newsgroups: comp.windows.x
Subject: Re: xdm security troubles -- public patch availible
Message-ID: <8904181620.AA17116@expo.lcs.mit.edu>
Date: 18 Apr 89 16:20:48 GMT
References: <8904142204.AA02840@expo.lcs.mit.edu>
Sender: daemon@bloom-beacon.MIT.EDU
Organization: The Internet
Lines: 28


These two lines were supposed to have been in xdm all along, somehow
they escaped!

As the patch is so short and of general interest, I have included it
below.  It is also available as public patch number 10, anonymous
ftp expo.lcs.mit.edu pub/R3/fixes/fix10 or from the xstuff server
fix 10

The attached patch closes the "window of vulnerability" experienced
by xdm leaving the password around in memory.

*** /u/X/r3/clients/xdm/verify.c	Thu Oct 20 17:38:02 1988
--- clients/xdm/verify.c	Tue Apr 18 12:08:58 1989
***************
*** 53,61 ****
--- 53,63 ----
  		p = &joeblow;
  	Debug ("Verify %s %s\n", greet->name, greet->password);
  	if (strcmp (crypt (greet->password, p->pw_passwd), p->pw_passwd)) {
+ 		bzero (greet->password, strlen (greet->password));
  		Debug ("verify failed\n");
  		return 0;
  	}
+ 	bzero (greet->password, strlen (greet->password));
  	Debug ("verify succeeded\n");
  	verify->uid = p->pw_uid;
  #ifdef NGROUPS