View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010099 | Rocky Services | BugTracker | public | 2025-07-24 21:30 | 2025-07-24 21:30 |
Reporter | Elias Alabssie | Assigned To | |||
Priority | high | Severity | crash | Reproducibility | always |
Status | new | Resolution | open | ||
OS | Rocky Linux | OS Version | 8.1 | ||
Summary | 0010099: The passwd Command Exhibits Unexpected Behavior | ||||
Description |

The passwd command derives the password hashing algorithm from the ENCRYPT_METHOD directive within the /etc/login.defs configuration file. For example, SHA512 is configured in the output below:

```
cat /etc/login.defs | grep ENCRYPT_METHOD
ENCRYPT_METHOD SHA512
```

However, if the ENCRYPT_METHOD directive is undefined or improperly configured, the passwd command exhibits unexpected behavior:

1. Segmentation Fault: When the ENCRYPT_METHOD directive is missing (left unconfigured), attempting to set a password with the passwd command results in a segmentation fault.

```
[root@app] ~ # cat /etc/login.defs | grep ENCRYPT_METHOD
ENCRYPT_METHOD
```

Now, trying to change the password for the user "test" will result in a segmentation fault.

```
[root@app] ~ # passwd test
Changing password for user test.
Segmentation fault (core dumped)
```

2. Garbage in "/etc/shadow": If an invalid or unknown hashing algorithm is specified in the ENCRYPT_METHOD directive, the passwd command does not properly validate the input. Instead of throwing an error and exiting gracefully, it proceeds to write erroneous or "garbage" data into the /etc/shadow file. This may leave the system in an unpredictable state or compromise password security.

Configure ENCRYPT_METHOD to an invalid value, say "blablabla":

```
[root@app] ~ # cat /etc/login.defs | grep ENCRYPT_METHOD
ENCRYPT_METHOD blablabla
```

Then change the password for the user "test":

```
[root@app] ~ # passwd test
Changing password for user test.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
```

Now, looking at the produced password hash in /etc/shadow for the user test, it is garbage:

```
[root@app] ~ # cat /etc/shadow | grep test
test:SOSnC82QCsI.g:20284:0:99999:0:::
```

=========================================================================

The "passwd command" version the above test was conducted on: passwd-0.80-4.el8.x86_64

The system that the test was conducted on: Rocky Linux version 8:

```
NAME="Rocky Linux"
VERSION="8.10 (Green Obsidian)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Rocky Linux 8.10 (Green Obsidian)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:8:GA"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2029-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-8"
ROCKY_SUPPORT_PRODUCT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
```
Steps To Reproduce | See the description section | ||||
Tags | No tags attached. | ||||
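The report describes two failure modes: an ENCRYPT_METHOD directive that is missing and one that holds an unrecognised value. As an added example (not part of the report, and not code from passwd or shadow-utils), the following Python audit lets an administrator catch both conditions, and any /etc/shadow entry already affected, without running passwd at all. It checks the directive against the algorithm names documented in login.defs(5) (that set is an assumption; the exact values the el8 build accepts may differ) and flags shadow entries whose hash prefix does not match the configured algorithm. All sample inputs are constructed except the shadow line for user "test", which is the one quoted in the report; the 13-character shape of that hash is simply reported as "DES-style" because it matches the traditional crypt(3) format, which says nothing about what passwd actually did internally.

```python
import re

# Algorithm names documented for ENCRYPT_METHOD in login.defs(5).
# Assumption: the el8 build of shadow-utils may accept a narrower set.
KNOWN_METHODS = {"DES", "MD5", "SHA256", "SHA512", "BCRYPT", "YESCRYPT"}

# crypt(3) hash-id prefixes and the ENCRYPT_METHOD names they correspond to.
PREFIX_TO_METHOD = {
    "$6$": "SHA512",
    "$5$": "SHA256",
    "$1$": "MD5",
    "$y$": "YESCRYPT",
    "$2b$": "BCRYPT",
}


def read_encrypt_method(login_defs_text):
    """Return the ENCRYPT_METHOD value, '' if the directive is present but
    has no value, or None if it is absent or commented out."""
    for line in login_defs_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] == "ENCRYPT_METHOD":
            return parts[1] if len(parts) > 1 else ""
    return None


def check_login_defs(login_defs_text):
    """Return a list of findings about ENCRYPT_METHOD; [] means it looks sane."""
    method = read_encrypt_method(login_defs_text)
    if method is None:
        return ["ENCRYPT_METHOD is not set (directive missing or commented out)"]
    if method == "":
        return ["ENCRYPT_METHOD is present but has no value"]
    if method.upper() not in KNOWN_METHODS:
        return [f"ENCRYPT_METHOD has unknown value {method!r}"]
    if method.upper() in ("DES", "MD5"):
        return [f"ENCRYPT_METHOD {method} is a weak legacy algorithm"]
    return []


def classify_hash(field):
    """Name the algorithm a shadow hash field appears to use."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    for prefix, method in PREFIX_TO_METHOD.items():
        if field.startswith(prefix):
            return method
    if re.fullmatch(r"[./0-9A-Za-z]{13}", field):
        return "DES-style"  # 13-character traditional crypt(3) layout
    return "unrecognized"


def audit_shadow(shadow_text, expected_method):
    """Return (user, apparent_algorithm) for every usable entry whose hash
    does not match the algorithm ENCRYPT_METHOD says should have been used."""
    findings = []
    for line in shadow_text.splitlines():
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((line, "malformed"))
            continue
        user, field = fields[0], fields[1]
        kind = classify_hash(field)
        if kind in ("empty", "locked"):
            continue  # no hash to compare against
        if kind != expected_method.upper():
            findings.append((user, kind))
    return findings


# Constructed login.defs variants mirroring the report's three states.
LOGIN_DEFS_GOOD = "UMASK 022\nENCRYPT_METHOD SHA512\n"
LOGIN_DEFS_MISSING = "UMASK 022\n# ENCRYPT_METHOD SHA512\n"
LOGIN_DEFS_BAD = "UMASK 022\nENCRYPT_METHOD blablabla\n"

# Constructed shadow file: a placeholder SHA512 entry, a locked account, and
# the "test" line exactly as quoted in the report.
SHADOW_SAMPLE = (
    "root:$6$cOnStRuCtEd$" + "A" * 86 + ":20284:0:99999:7:::\n"
    "nobody:*:20284:0:99999:7:::\n"
    "test:SOSnC82QCsI.g:20284:0:99999:0:::\n"
)

if __name__ == "__main__":
    for label, text in (("good", LOGIN_DEFS_GOOD),
                        ("missing", LOGIN_DEFS_MISSING),
                        ("bad", LOGIN_DEFS_BAD)):
        print(label, check_login_defs(text) or "ok")
    print("shadow mismatches:", audit_shadow(SHADOW_SAMPLE, "SHA512"))
```

On a real host, read /etc/login.defs and /etc/shadow (as root) into the two functions instead of the constructed strings; any non-empty result from check_login_defs is worth fixing before the next password change, and each audit_shadow finding is an account whose password should be reset once the directive is corrected.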
Date Modified | Username | Field | Change |
---|---|---|---|
2025-07-24 21:30 | Elias Alabssie | New Issue |