View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004017 | unreal | installing | public | 2011-03-28 21:05 | 2011-06-06 05:05 |
| Reporter | ohnobinki | Assigned To | ohnobinki | ||
| Priority | low | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | 3.2.9-RC1 | ||||
| Fixed in Version | 3.2.9-RC2 | ||||
| Summary | 0004017: ./unreal gencloak can produce invalid cloak keys | ||||
| Description | Unrealircd requires that every cloak key used have at least one lowercase alphabetic character, one uppercase alphabetic character, and one number. kvant and coobra found out that ./unreal gencloak (./ircd -k) can produce an invalid cloak key. I think that unrealircd's cloak generator function 1. should produce longer keys (which will reduce the likeliness of this rare case happening). The fact that enough of the generated keys (see Steps to Reproduce) do not fit unrealircd's own criteria for strength suggests that the current length is lower than would be ideal 2. should automatically reject keys which don't fit its own requirements, possibly testing them with the same functions which parse a user's key in s_conf.c. Another option might be to test users' cloak keys with cracklib or something(?) | ||||
| Steps To Reproduce | This can be easily reproduced with the following script where you fix ``./src/ircd'' to point to your ircd binary: $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i I get outputs such as: ohnobinki@ohnopublishing ~/unreal.1 $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i TcQOxtSnDSO 129 ohnobinki@ohnopublishing ~/unreal.1 $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i KIoIvnRNrv 10 ohnobinki@ohnopublishing ~/unreal.1 $ i=0; while ! ./src/ircd -k 2>&1 | grep -v -e ' ' | grep -e '^[^A-Z0-9]*$' -e '^[^a-z0-9]*$' -e '^[a-zA-Z]*$'; do i=$((i+1)); done; echo $i mWCEBsNtuIn 273 Thus, though the happenstance is unlikely it still does happen ;-). | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| 3rd party modules | |||||
|
|
unreal-4017-generate-good-cloakkeys.patch: Without this patch, those bash loops I ran could find cloak keys which unrealircd would reject within a second. With this patch, it appears impossible... and I even let one of those loops run for a minute with no results just to be sure ;-). May I commit? |
|
|
Yup, looks good, so go ahead. |
|
|
Committed as http://hg.unrealircd.org/hg/unreal/rev/c92bc477b0bf, thanks for the approval ;-). |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-03-28 21:05 | ohnobinki | New Issue | |
| 2011-03-28 21:05 | ohnobinki | Status | new => assigned |
| 2011-03-28 21:05 | ohnobinki | Assigned To | => ohnobinki |
| 2011-03-29 20:08 | syzop | Relationship added | child of 0003776 |
| 2011-04-03 06:46 | ohnobinki | File Added: unreal-4017-generate-good-cloakkeys.patch | |
| 2011-04-03 06:47 | ohnobinki | Note Added: 0016635 | |
| 2011-06-05 21:12 | syzop | Note Added: 0016658 | |
| 2011-06-06 05:05 | ohnobinki | Note Added: 0016663 | |
| 2011-06-06 05:05 | ohnobinki | Status | assigned => resolved |
| 2011-06-06 05:05 | ohnobinki | Fixed in Version | => 3.2.9-RC2 |
| 2011-06-06 05:05 | ohnobinki | Resolution | open => fixed |
