8000 CPP: PAM Authorization Bypass · Pull Request #8775 · github/codeql · GitHub
[go: up one dir, main page]
Skip to content

CPP: PAM Authorization Bypass #8775

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from Apr 29, 2022
Merged

CPP: PAM Authorization Bypass #8775

merged 2 commits into from Apr 29, 2022

Conversation

ghost
Copy link
@ghost ghost commented Apr 19, 2022

This PR is similar to my other PRs for
Python and
Golang.

This PR aims to detect instances were an initiated PAM Transaction invokes the pam_authenticate method but does not call the pam_acct_mgmt method. This is bad as a call to pam_authenticate only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to pam_authenticate is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the pam_acct_mgmt function after a pam_authenticate function.

@ghost ghost self-requested a review as a code owner April 19, 2022 12:31
CPP: PAM Authorization Bypass
85c751c 
This PR is similar to my other PRs for
[Python](#8595) and
[Golang](github/codeql-go#709).

This PR aims to detect instances were an initiated PAM Transaction invokes the `pam_authenticate` method but does not invoke a call to the pam_acct_mgmt` method. This is bad as a call to `pam_authenticate` only verifies the users credentials. It does not check if the user account is still is a valid state.

If only a call to `pam_authenticate` is used to verify the user, a user with an expired account password would still be able to login. This can be prevented by calling the `pam_acct_mgmt` function after a `pam_authenticate` function.
geoffw0
geoffw0 reviewed Apr 19, 2022
View reviewed changes
Copy link
Contributor
@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This query looks great. I appreciate the effort you've gone to providing tests, documentation and example code to support it.

A couple of real-world results: https://lgtm.com/query/6091759195696304116/

@ghost ghost mentioned this pull request Apr 19, 2022
Closed
2 tasks
geoffw0
geoffw0 reviewed Apr 19, 2022
View reviewed changes
Copy link
Contributor
@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The failing checks are trivial - you need to correct the file names in the .qhelp and run the auto-formatter on the .ql file (let me know if you don't know how to do that).

@ghost
Copy link
Author
ghost commented Apr 20, 2022

@geoffw0 Changes done!

geoffw0
geoffw0 approved these changes Apr 21, 2022
View reviewed changes
Copy link
Contributor
@geoffw0 geoffw0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@geoffw0
Copy link
Contributor
geoffw0 commented Apr 29, 2022

Looks like this should've been merged.

@geoffw0 geoffw0 merged commit 614a765 into github:main Apr 29, 2022
@geoffw0
Copy link
Contributor
geoffw0 commented Apr 29, 2022

Thanks again for the contribution!

@ghost ghost deleted the cpam branch April 29, 2022 14:02
@ghost
Copy link
Author
ghost commented Apr 29, 2022

@geoffw0 Thanks for the quick turnaround.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@geoffw0 geoffw0

Labels
C++ documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@geoffw0
0